(57) Abstract

PROBLEM TO BE SOLVED: To provide a method, 
program and system for performing remote maintenance 
capable of remote maintenance on a plurality of Internet 
gateway terminals and their extension terminals to the 
utmost at the same time by way of a VPN(Virtual 
Private Network) on the Internet from a maintenance 
center while permitting duplicate local network 
addresses under the control, and to provide a recording 
medium for recording the remote maintenance execution 
program. 

SOLUTION: The method, program and system for 
executing remote maintenance adopts a characteristic 
configuration method realized such that a NAT (network 
address translation) 110 leading to a local network 7 is 
provided in a router section 11 in the Internet gateway 
terminal 1 to convert a global address into a local IP 
address for VPN NAT thereby allowing the maintenance 
center 9 to provide/release it. 
* NOTICES * 

JPO and INPIT are not responsible for any 
damages caused by the use of this translation. 

1. This document has been translated by computer. So the translation may not reflect the original 
precisely. 

2. **** shows the word which can not be translated. 
3. In the drawings, any words are not translated. 



CLAIMS 



[Claim(s)] 

[Claim 1]While carrying out an IP connection to an extension terminal of any number by each 
local network and carrying out the bottom of rule of each Internet gateway terminal, By 
establishing IPsec which realizes a VPN session in a network layer of open systems 
interconnection reference model via each Internet gateway terminal concerned and Internet 
between VPN gateways, It is a practice which performs remote maintenance from a maintenance 
center containing the VPN gateway concerned, In a router section in said each Internet gateway 
terminal, VPNNAT is provided between the local network and VPN treating part, A remote 
maintenance practice characterized by what said remote maintenance is carried out for by 
performing grant and release from a maintenance server of said maintenance center by making 
an address by the side of global into a local IP address for VPNNAT. 

[Claim 2]A demand of said remote maintenance in said practice, Said Internet gateway terminal 
which performs the demand concerned a global IP address of an extension terminal name which 
is a remote maintenance object and the Internet gateway terminal concerned, If it notifies to 
said maintenance server as a remote maintenance demand command, The maintenance server 
concerned which received the notice concerned a local IP address for VPNNAT and an 
extension terminal name which are given to said extension terminal for [ concerned / which was 
notified ] remote maintenance, Carry out a response to the Internet gateway terminal which has 
given the notice concerned as a remote maintenance demand response, and. Establishment of a 
VPN tunnel by IPsec using an authentication key of IPsec shared between global IP addresses of 
the Internet gateway terminal concerned in the case of a notice of installation is made to set it 
as a self VPN gateway, Setting out which makes a packet addressed to a local IP address for 
VPNNAT a VPN processing-object packet of said established VPN tunnel to the VPN gateway 
concerned is performed, The Internet gateway terminal which received said response acquires a 
real local IP address to said received extension terminal name, The remote maintenance practice 
according to claim 1 characterized by a thing which sets a real local IP address to the extension 
terminal name concerned, and said local IP address for VPNNAT to static NAT, and sets up to a 
self router section, and for which a series of above processings are carried out one by one. 
[Claim 3]As opposed to said extension terminal whose implementation of said remote 
maintenance is said remote maintenance object, The remote maintenance practice according to 
claim 2 characterized by what is performed from said maintenance center via said established 
VPN tunnel by said local IP address for VPNNAT. 

[Claim 4]An end of said remote maintenance goes via said established VPN tunnel with said local 
IP address for VPNNAT first, In a server part which transmitted a remote maintenance quit 
command, next received the transmission concerned to a server part of said Internet gateway 
terminal which made the VPN tunnel concerned establish, Perform processing concerning the 
remote maintenance quit command concerned, and an end response of remote maintenance is 
transmitted, In then, a maintenance server which received the end response of remote 
maintenance concerned. The 1st judgment whether all maintenances to an applicable extension 
terminal were completed is made, In affirmation by the 1st judgment concerned, the ended 
extension terminal concerned Said server part of said Internet gateway terminal, In denial, a 
judging process is ended while making that 2nd judgment which it is in any of said router section, 
In denial by the 2nd judgment concerned, shift to VPNNAT release processing, and the 3rd 
judgment whether all remote maintenance to said Internet gateway terminal which corresponds 
in another side affirmation was ended is made, While shifting to VPN end processing in 
affirmation by the 3rd judgment concerned, in denial, end the judging process concerned. The 
remote maintenance practice according to claim 2 or 3 characterized by what a series of above 
processings are carried out for one by one. 

[Claim 5]Said VPNNAT release processing first a local IP address for VPNNAT to an extension 
terminal name for [ which said maintenance server set up on the occasion of a demand of said 
remote maintenance / said ] remote maintenance, While canceling of a VPN processing-object 
packet to said established VPN tunnel, After notifying an extension terminal name for 
[ concerned ] remote maintenance to said Internet gateway terminal, The Internet gateway 
terminal which received the notice concerned acquires a real local IP address to the received 
extension terminal name concerned, The remote maintenance practice according to claim 4 
characterized by what a series of above processings in which release static NAT with a local 
address for VPNNAT to it, and said maintenance server makes said 3rd judgment, and follows 
the decision result succeedingly are carried out for one by one. 

[Claim 6]In said VPN end processing, said maintenance server makes an end of an IPsec session 
a VPN quit command, The Internet gateway terminal which notified to said Internet gateway 
terminal and received the notice concerned, An answer to the VPN quit command concerned is 
transmitted to the maintenance server concerned as an end response of VPN, Said maintenance 
server makes a demand of said remote maintenance cancel said VPN tunnel set up on the 
occasion to said VPN gateway, The remote maintenance practice according to claim 4 or 5 
characterized by what a series of above processings that end VPN tunnel processing established 
between the VPN gateway concerned and said Internet gateway terminal are carried out for one 
by one. 

[Claim 7]Said notice of installation by the maintenance server concerned which notified 
installation notice commands to said maintenance server about the installation concerned, and 
received the installation notice commands concerned from said server part of said newly 
installed Internet gateway terminal An authentication key of IPsec which is the common 
information for said remote maintenance is generated, Said Internet gateway terminal which 
carried out the response to said Internet gateway terminal which has notified the installation 
notice commands concerned, and received the response concerned, The remote maintenance 
practice according to claim 2, 3, 4, 5, or 6 characterized by a thing which sets up an 
authentication key of IPsec to said self router section, and for which a series of above 
processings are carried out one by one. 

[Claim 8]In said either one of demand of said remote maintenance or notice of setting out said 
practice, The remote maintenance practice according to claim 2, 3, 4, 5, 6, or 7 characterized by 
what VPNNAT setting processing to said server part and said router section of said Internet 
gateway terminal is carried out for. 

[Claim 9]When a failure occurrence is detected to said Internet gateway terminal, said practice, 
First, the Internet gateway terminal concerned processes information which will start the failure 
concerned if information which starts failure as a failure information command is transmitted to 
said maintenance server, next said maintenance server receives said failure information 
command, It transmits to said Internet gateway terminal which transmitted the failure information 
command concerned as a failure information response, The remote maintenance practice 
according to claim 2, 3, 4, 5, 6, 7, or 8 characterized by what a series of above processings in 
which the Internet gateway terminal concerned which received the failure information response 
concerned shifts to a demand of said remote maintenance are carried out for one by one. 
[Claim 10]While carrying out an IP connection to an extension terminal of any number by each 
local network and carrying out the bottom of rule of each Internet gateway terminal, By 
establishing IPsec which realizes a VPN session in a network layer of open systems 
interconnection reference model via each Internet gateway terminal concerned and Internet 
between VPN gateways. It is a system which performs remote maintenance from a maintenance 
center containing the VPN gateway concerned, NAT is provided between the local network and 
VPN treating part in a router section in said Internet gateway terminal, A remote maintenance 
execution system characterized by what is done to functional constitution which performs grant 
and release from said maintenance center by making an address by the side of global into a local 
IP address for VPNNAT for a system construction. 

[Claim 11]A maintenance server which said maintenance center gives a local address for 
VPNNAT for VPN access corresponding to an extension terminal name for [ concerned ] remote 
maintenance in response to a notice of an extension terminal name for remote maintenance from 
said Internet gateway terminal, From a remote maintenance device which performs said remote 
maintenance, and the remote maintenance device concerned, A VPN gateway which goes via 
access to a local IP address for VPNNAT corresponding to an extension terminal name for 
[ concerned ] remote maintenance, The remote maintenance execution system according to 
claim 10 characterized by what is done for network construction in a maintenance center local 
network, 

[Claim 12]A server part which said Internet gateway terminal notifies that an extension terminal 
name for remote maintenance is to said maintenance center, By [ concerned ] having notified. 
VPNNAT which assigns a local IP address for VPNNAT for VPN access given from the 
maintenance center concerned, and an IP address of an extension terminal name for 
[ concerned ] remote maintenance, and said VPN gateway and a VPN tunnel of the maintenance 
center concerned. By access to a local IP address for VPNNAT to a remote maintenance object 
terminal name which consisted of router sections of a VPN treating part to establish, and passed 
said VPN gateway, The remote maintenance execution system according to claim 10 or 11 
characterized by what a function to close packet transfer to said extension terminal from a 
remote maintenance device which performs said remote maintenance if possible is built for. 
[Claim 13]While carrying out an IP connection to an extension terminal of any number by each 
local network and carrying out the bottom of rule of each Internet gateway terminal, By 
establishing IPsec which realizes a VPN session in a network layer of open systems 
interconnection reference model via each Internet gateway terminal concerned and Internet 
between VPN gateways, It can set to a system which performs remote maintenance from a 
maintenance center containing the VPN gateway concerned. It is a program used at the Internet 
gateway terminal concerned, When using remote maintenance service after the Internet gateway 
terminal concerned is installed, By execution of said program made to carry out to the Internet 
gateway terminal concerned, notice processing of installation which reports that it installed to 
said maintenance center After notifying installation notice commands to a maintenance server 
of said maintenance center about said installation, A remote maintenance implementation 
program which sets up an authentication key of IPsec which won popularity as the response 
concerned when a response to the installation notice commands concerned from the 
maintenance server concerned was received to a self router section and which is characterized 
by what a series of above procedures are stepped on for. 

[Claim 14]While carrying out an IP connection to an extension terminal of any number by each 
local network and carrying out the bottom of rule of each Internet gateway terminal, By 
establishing IPsec which realizes a VPN session in a network layer of open systems 
interconnection reference model via each Internet gateway terminal concerned and Internet 
between VPN gateways. It can set to a system which performs remote maintenance from a 
maintenance center containing the VPN gateway concerned. It is a program used at the Internet 
gateway terminal concerned, Depending on any of button grabbing by an operator of WEB access 
from said internal terminal to the Internet gateway terminal concerned, and the Internet gateway 
terminal concerned they are. By execution of said program made to carry out to the Internet 
gateway terminal concerned, a remote maintenance request process which requires remote 
maintenance. After notifying a global IP address of said extension terminal name which is a 
remote maintenance object, and said Internet gateway terminal to said maintenance server as a 
remote maintenance demand command, a response to said remote maintenance demand 
command is received, A real local IP address to an extension terminal name received as the 
response concerned is acquired, A remote maintenance implementation program to which a real 
local IP address to the extension terminal name concerned and a local IP address for VPNNAT 
received as the response concerned are made to set as static NAT and which is characterized 
by what a series of above procedures are stepped on for. 

[Claim 15]While carrying out an IP connection to an extension terminal of any number by each 
local network and carrying out the bottom of rule of each Internet gateway terminal, By 
establishing IPsec which realizes a VPN session in a network layer of open systems 
interconnection reference model via each Internet gateway terminal concerned and Internet 
between VPN gateways. It can set to a system which performs remote maintenance from a 
maintenance center containing the VPN gateway concerned. It is a program used at the Internet 
gateway terminal concerned, Remote maintenance end processing concerning a notice of a 
purport that work of said remote maintenance performed from said maintenance center was 
completed, by execution of said program made to carry out to said inface gateway terminal which 
received the notice concerned. Ignited by reception of a remote maintenance quit command from 
said maintenance center, perform processing about the remote maintenance quit command 
concerned, and an end response of remote maintenance is transmitted, When a notice of an 
extension terminal name for remote maintenance is received from said maintenance center as a 
VPN release command, a real local IP address to the received extension terminal name 
concerned is acquired, A remote maintenance implementation program which releases static 
NAT with a local address for VPNNAT to an acquired real local IP address and which is 
characterized by what a series of above procedures are stepped on for, 

[Claim 16]While carrying out an IP connection to an extension terminal of any number by each 
local network and carrying out the bottom of rule of each Internet gateway terminal, By 
establishing IPsec which realizes a VPN session in a network layer of open systems 
interconnection reference model via each Internet gateway terminal concerned and Internet 
between VPN gateways. In a system which performs remote maintenance from a maintenance 
center containing the VPN gateway concerned, Are a program used in the maintenance center 
concerned, and a remote maintenance request process corresponding to a demand of said 
remote maintenance by execution of said program made to perform to said maintenance server. 
In response to said demand, a local IP address for VPNNAT and an extension terminal name 
which are given to said extension terminal for [ concerning a demand of said remote 
maintenance ] remote maintenance, Transmit to said Internet gateway terminal which performed 
the demand concerned as a remote maintenance demand response, and. Establishment of a VPN 
tunnel by IPsec using an authentication key of IPsec shared between global IP addresses of the 
Internet gateway terminal concerned, Point to a self VPN gateway and the self VPN gateway 
concerned is received, A remote maintenance implementation program which performs setting 
out which makes a packet addressed to a local IP address for VPNNAT a VPN processing- 
object packet of a VPN tunnel established by the directions concerned and which is 
characterized by what a series of above procedures are stepped on for. 

[Claim 17]While carrying out an IP connection to an extension terminal of any number by each 
local network and carrying out the bottom of rule of each Internet gateway terminal, By 
establishing IPsec which realizes a VPN session in a network layer of open systems 
interconnection reference model via each Internet gateway terminal concerned and Internet 
between VPN gateways. By a system which performs remote maintenance from a maintenance 
center containing the VPN gateway concerned. According to said installation notice commands, 
setting-out notice-commands processing in which installation notice commands from said 
Internet gateway terminal which is a program used in the maintenance center concerned, and 
was newly installed are processed, by execution of said program made to perform to said 
maintenance center, A remote maintenance implementation program which generates an 
authentication key of IPsec which is the common information for said remote maintenance, and 
carries out a response to said Internet gateway terminal which has notified the installation notice 
commands concerned and which is characterized by what a series of above procedures are 
stepped on for. 

[Claim 18]While carrying out an IP connection to an extension terminal of any number by each 
local network and carrying out the bottom of rule of each Internet gateway terminal, By 
establishing IPsec which realizes a VPN session in a network layer of open systems 
interconnection reference model via each Internet gateway terminal concerned and Internet 
between VPN gateways. In a system which performs remote maintenance from a single 
maintenance center containing the VPN gateway concerned, Ignited by being a program used in 
the maintenance center concerned, and an end button in said maintenance center having been 
pushed, Remote maintenance end processing which reports that work of said remote 
maintenance was completed by execution of said program made to perform to said maintenance 
server It goes via a VPN tunnel established with a local IP address for VPNNAT, As opposed to 
a server part of said Internet gateway terminal which made the VPN tunnel concerned establish, 
If a response of the end of remote maintenance concerned is received after transmitting a 
remote maintenance quit command, the 1st judgment will be made for that of whether all 
maintenances to an applicable extension terminal were completed, In affirmation by the 1st 
judgment concerned, while said ended extension terminal concerned makes that 2nd judgment 
which it is in any of said server part of said Internet gateway terminal, or a router section, While 
ending this program in denial and shifting in the 2nd judgment concerned to VPNNAT release 
processing in denial, The 3rd judgment whether all remote maintenance to said Internet gateway 
terminal which corresponds in affirmation was ended is made, A remote maintenance 
implementation program characterized by what a series of above procedures that end this 
program in denial are stepped on for while shifting to VPN end processing in affirmation by the 
3rd judgment concerned. 

[Claim 19]Said VPNNAT release processing a local IP address for VPNNAT to an extension 
terminal name for [ which was set up in response to a remote maintenance demand ] remote 
maintenance, Carry out to said VPN gateway and said Internet gateway terminal is received so 
that it may cancel of a VPN processing-object packet to said established VPN tunnel, After that, 
notify an extension terminal name for remote maintenance, are a series of processings which 
carry out a return to said 3rd judgment, and said VPN end processing, It transmits to said 
Internet gateway terminal by making an end of an IPsec session into a VPN quit command, Said 
VPN tunnel set up on the occasion of a remote maintenance implementation demand makes said 
VPN gateway cancel, The remote maintenance implementation program according to claim 18 
characterized by a thing which terminates VPN tunnel processing established between the VPN 
gateway concerned and the Internet gateway terminal concerned, and which they are a series of 
processings. 

[Claim 20]A recording medium which recorded a remote maintenance implementation program 
characterized by what was done for the nonfiction of a series of procedure by the remote 
maintenance implementation program according to claim 13, 14, 15, 16, 17, 18, or 19. 
[Claim 21]An extension terminal by which the IP connection was carried out to a local network 
of two or more Internet gateway terminal itself connected to the Internet, and a subordinate of 
those, By establishing IPsec which realizes a VPN session in a network layer of open systems 
interconnection reference model between VPN gateways connected to the Internet gateway 
terminal concerned and the Internet concerned, It is a practice which performs remote 
maintenance from a single maintenance server of the VPN gateway subordinate concerned, 
Before building VPN, said maintenance center which received a VPN construction demand from 
said Internet gateway terminal chooses a VPN gateway with an empty resource of VPN from two 
or more VPN gateways of the subordinate dynamically, A global IP address of the selected VPN 
gateway concerned is notified to the Internet gateway terminal concerned, A remote 
maintenance practice characterized by what the Internet gateway terminal concerned carries out 
said remote maintenance for by setting up considering the notified global IP address concerned 
as an opposite host of the VPN concerned. 

[Claim 22]An extension terminal by which the IP connection was carried out to a local network 
of two or more Internet gateway terminal itself connected to the Internet, and a subordinate of 
those, By establishing IPsec which realizes a VPN session in a network layer of open systems 
interconnection reference model between VPN gateways connected to the Internet gateway 
terminal concerned and the Internet concerned, If it is a system which performs remote 
maintenance from a single maintenance server of the VPN gateway subordinate concerned and a 
demand of VPN construction is received from said Internet gateway terminal, A VPN gateway 
with an empty resource of VPN is dynamically chosen from two or more VPN gateways of the 
subordinate, Require said VPN construction from said maintenance center which notifies a global 
IP address of the selected VPN gateway concerned to the Internet gateway terminal which made 
the demand concerned, and the maintenance center concerned, and. Provide said Internet 
gateway terminal which sets up a global IP address of said notified selected VPN gateway as an 
opposite host of the VPN concerned from the maintenance center concerned to the demand 
concerned. A remote maintenance execution system characterized by things, 
[Claim 23]An extension terminal by which the IP connection was carried out to a local network 
of two or more Internet gateway terminal itself connected to the Internet, and a subordinate of 
those, By establishing IPsec which realizes a VPN session in a network layer of open systems 
interconnection reference model between VPN gateways connected to the Internet gateway 
terminal concerned and the Internet concerned, It can set to a system which performs remote 
maintenance from a single maintenance server of the VPN gateway subordinate concerned. It is 
a program used at the Internet gateway terminal concerned, Depending on any of registration of 
a remote maintenance demand from said extension terminal, or button grabbing of said Internet 
gateway terminal body by the Internet gateway terminal management person they are. By 
execution of said program made to carry out to the Internet gateway terminal concerned, VPN 
gateway address request processing in which a VPN gateway address is required. If said VPN 
gateway address is required from said maintenance center and a VPN gateway address request 
response to the demand concerned is received from the maintenance center concerned, A VPN 
gateway global IP address which received as the VPN gateway address request response 
concerned as an opposite host of VPN, A remote maintenance implementation program which 
sets it as a self router section and processes said remote maintenance demand and which is 
characterized by what a series of above procedures are stepped on for. 

[Claim 24]An extension terminal by which the IP connection was carried out to a local network 
of two or more Internet gateway terminal itself connected to the Internet, and a subordinate of 
those, By establishing IPsec which realizes a VPN session in a network layer of open systems 
interconnection reference model between VPN gateways connected to the Internet gateway 
terminal concerned and the Internet, It can set to a system which performs remote 
maintenance from a single maintenance server of the VPN gateway subordinate concerned. VPN 
gateway address request processing which is a program used in the maintenance center 
concerned, and is processing in said maintenance center accompanying a VPN gateway address 
request from said Internet gateway terminal by execution of said program made to perform to 
the maintenance center concerned. If said VPN gateway address request is received from said 
Internet gateway terminal, A VPN gateway with a VPN opening resource is dynamically chosen 
from two or more VPN gateways under self rule, Step on a series of above procedures that 
notify a global IP address of the VPN gateway to the Internet gateway terminal which made the 
VPN gateway address request concerned. A remote maintenance implementation program 
characterized by things. 

[Claim 25]A recording medium which recorded a remote maintenance implementation program 
characterized by what was done for the nonfiction of a series of procedure by the remote 
maintenance implementation program according to claim 23 or 24. 



DETAILED DESCRIPTION 



[Detailed Description of the Invention] 
[0001] 

[Field of the Invention]This invention, VPN is used for extension terminals, such as a personal 
computer connected to the local network of the Internet gateway terminal itself and its Internet 
gateway terminal subordinate from the maintenance center connected to the Internet, via the 
Internet. It is related with the remote maintenance practice which performs remote maintenance, 
the remote maintenance system directly used for the operation, a program, and the recording 
medium. 
[0002] 

[Description of the Prior Art]From the maintenance center conventionally connected to the 
Internet to the Internet gateway terminal. (Following and ** style GW terminal) The personal 
computer on the local network connected to the very thing and its ** style GW terminal. There 
is a method proposed by Japanese Patent Application No. 2000-000496 considering (the 
following and an extension terminal) as a remote maintenance practice (it is hereafter called VPN 
remote maintenance) which performs remote maintenance via the Internet using VPN. 
[0003] However, in the VPN remote maintenance proposed by the method of Japanese Patent 
Application No. 2000-000496, when performing remote maintenance simultaneously on two or 
more style GW terminals, if the local network addresses under the target style GW terminals 
overlap and a packet is sent from a maintenance center via VPN to the ** style GW terminal for 
remote maintenance and its subordinate extension terminal, the target local IP addresses 
collide. The VPN gateway on the maintenance center side therefore cannot judge to which local 
network the packet should be sent, and it was impossible to perform maintenance simultaneously 
on two or more ** style GW which have the same local network address. 

[0004]Then, as a method of maintaining simultaneously to two or more ** style GW which have 
the same local network address as a subordinate from the inside of the local network of a 
maintenance center, When the internal network of each ** style GW is seen from the Internet 
side, the technique with which it is made for the local network address to become unique can be 
considered. 

[0005]The temporary local network address for specifically carrying out VPN communication the 
maintenance center side inside ** style GW. It is a technique of providing the treating part 
(following, NATBOX) which fixes and connects (the IP address for the following and VPNNAT) 
and a local network address, and operation is explained based on drawing 32. 
[0006]In drawing 32, in order to show change of the address of a packet in the case of 
performing IP communication via VPNNAT from client PC (a) to server PC (b), the topology of 
each node is explained first. It is connected to the private network (c) and client PC (a) has a 
private IP address of 192.168.2.103. The VPN gateway (d) is connected to the private network 
(c). It has 211.0.0.1 as a global IP address by the side of the Internet (e). 
[0007]The VPN router (f) is connected to the private network (g). It has 210.0.0.1 as a global 
IP address by the side of the Internet. It is connected to the private network (c) and server 
PC (b) has a private IP address of 192.168.1.1-192.168.1.254. 

[0008]A VPN gateway (d) and ** style GW (it is also hereafter called a VPN router) are building 
the tunnel (h) of VPN. In the VPN gateway (d), 10.0.0.0/24 is set up as a packet for VPN to the 
VPN tunnel (h) to a VPN router (b). In the VPN router (b), 192.168.2.0/24 is set up as a packet 
for VPN to the VPN tunnel (h) to the VPN gateway (d). 

[0009]NATBOX (f10) has an address of 10.0.0.1-10.0.0.254 in the Internet (e) side as an IP 
address for VPNNAT. Static NAT is set up for 10.0.0.1 and 192.168.1.1, 10.0.0.2 and 192.168.1.2, 
... (abbreviation) ..., 10.0.0.254 and 192.168.1.254. 

[0010]Taking server PC (b) of 192.168.1.1 as an example, when a packet with the transmission 
source address 192.168.1.1 is sent out from the private network (g) side of NATBOX (f10), the 
transmission source address is rewritten to 10.0.0.1 and the packet is sent out to the Internet 
side of NATBOX (f10). When a packet addressed to transmission destination 10.0.0.1 arrives from 
the Internet (e) side of NATBOX (f10), the transmission destination address is rewritten to 
192.168.1.1 and the packet is sent out to the private network (c) side of NATBOX (f10). 

[0011]The address changes of a packet during communication between client PC (a) and server PC 
(b) are shown below. The original packet addressed to server PC (b) from client PC (a) is sent 
out with "transmission source 192.168.2.103 : transmission destination 10.0.0.1" and reaches the 
VPN gateway (d). 

[0012]Since the VPN gateway (d) received a packet addressed to 10.0.0.1, it judges it to be a 
packet for VPN to the VPN tunnel (h) to the VPN router (f), and encapsulates it by adding a new 
IP header of "transmission source 211.0.0.1 : transmission destination 210.0.0.1". The original 
packet is enciphered and placed in the data division. This packet reaches the VPN treating part 
(f11) of the VPN router via the VPN tunnel. 

[0013]In the VPN treating part (f11) of the VPN router, the original packet is decrypted and 
sent out to NATBOX (f10) as "transmission source 192.168.2.103 : transmission destination 
10.0.0.1". Since static NAT is set up in NATBOX (f10) between the outside 10.0.0.1 and the 
inside 192.168.1.1 and the transmission destination address matches 10.0.0.1, address 
translation is performed, and the packet becomes "transmission source 192.168.2.103 : 
transmission destination 192.168.1.1" and is sent out to the private network (c). Therefore, 
this packet can reach server PC (b). 

[0014]The response original packet from server PC (b) to client PC (a) is sent out with 
"transmission source 192.168.1.1 : transmission destination 192.168.2.103" and arrives at the 
VPN router (f). In the VPN router (f), since a packet addressed to 192.168.2.0/24 was received, 
it is judged to be a packet for VPN to the VPN tunnel (h) to the VPN gateway (d), and the packet 
is first sent to NATBOX (f10). 

[0015]Since static NAT is set up in NATBOX (f10) between the outside 10.0.0.1 and the inside 
192.168.1.1 and the transmission source address matches 192.168.1.1, address translation is 
performed, and the packet becomes "transmission source 10.0.0.1 : transmission destination 
192.168.2.103" and is sent to the VPN treating part (b11). 

[0016]The VPN treating part (f11) encapsulates the packet by adding a new IP header of 
"transmission source 210.0.0.1 : transmission destination 211.0.0.1". The response original 
packet is enciphered and placed in the data division. This packet reaches the VPN gateway (d) 
via the VPN tunnel (h). In the VPN gateway (d), the response original packet is decrypted, 
becomes "transmission source 10.0.0.1 : transmission destination 192.168.2.103", and is sent out 
to the private network (c). Therefore, this packet can reach client PC (a). 

[0017]The above explained the operation outline of communication from a maintenance center to 
the ** style GW (f), with a static VPNNAT function applied to the private network (g) of a 
maintenance center and the ** style GW (f) subordinate's private network (c), for the case of 
one set with one subordinate local network. In the figure, (f1) is a router section which 
comprises NATBOX (f10) and a VPN treating part (f11). 

[0018]Next, for the case where there are two ** style GW (f') (f") with subordinate private 
networks (g') (g") whose private network addresses overlap, the operation outline of 
communication from the private network (c) of a maintenance center to each ** style GW (f') (f") 
subordinate's private network (g') (g"), with the static VPNNAT function applied, is explained. 

[0019]Drawing 33 shows how to simultaneously access, from a maintenance center using the static 
VPNNAT function, server PC (b1) - (b4) subordinate to two ** style GW (f') (f") in the case 
where the subordinate private network addresses of the two ** style GW (f') (f") are the same. 

[0020]Here, in order to show the change of the address of a packet when performing IP 
communication via VPNNAT from client PC (a) to server PC (b1) - (b4), the topology of each node 
is explained first. Client PC (a) is connected to the private network (g) (g") and has a private 
IP address of 192.168.2.103. The VPN gateway (d) is connected to the private network (c). It has 
211.0.0.1 as a global IP address on the Internet (e) side. 

[0021]The VPN router (f) is connected to the private network (g). It has 210.0.0.1 as a global 
IP address on the Internet (e) side. Server PC (b1) (b2) is connected to the internal local 
network 192.168.1.0/24 of the VPN router (f) and has a private IP address of 
192.168.1.1-192.168.1.254. The VPN gateway (d) and the VPN router (f) have built the VPN tunnel 
(h'). 

[0022]In the VPN gateway (d), packets addressed to 10.0.0.0/24 are set up as packets for VPN to 
the VPN tunnel (h') to the VPN router (f). In the VPN router (f), packets addressed to 
192.168.2.0/24 are set up as packets for VPN to the VPN tunnel (h') to the VPN gateway (d). 

[0023]NATBOX (f10') has the addresses 10.0.0.1-10.0.0.254 on the Internet (e) side as IP 
addresses for VPNNAT. Static NAT is set up between 10.0.0.1 and 192.168.1.1, 10.0.0.2 and 
192.168.1.2, ... (abbreviated) ..., and 10.0.0.254 and 192.168.1.254. 

[0024]Taking server PC (b1) (b2) of 192.168.1.1 as an example, when a packet with the 
transmission source address 192.168.1.1 is sent out from the private network (g) side of NATBOX 
(f10), the transmission source address is rewritten to 10.0.0.1 and the packet is sent out to 
the Internet side of NATBOX (f10'). When a packet addressed to transmission destination 10.0.0.1 
arrives from the Internet (e) side of NATBOX (f10'), the transmission destination address is 
rewritten to 192.168.1.1 and the packet is sent out to the private network side of NATBOX (f). 

[0025]The VPN router (f) is connected to the private network (g"). It has 210.0.1.1 as a global 
IP address on the Internet (e) side. Server PC (b3) (b4) is connected to the internal local 
network 192.168.1.0/24 of the VPN router (f") and has a private IP address of 
192.168.1.1-192.168.1.254. 

[0026]The VPN gateway (d) and the VPN router (f) have built the VPN tunnel (h"). In the VPN 
gateway (d), packets addressed to 10.0.1.0/24 are set up as packets for VPN to the VPN tunnel 
(h") to the VPN router (f'). In the VPN router (f), packets addressed to 192.168.2.0/24 are set 
up as packets for VPN to the VPN tunnel (h") to the VPN gateway (d). 

[0027]NATBOX (f10") has the addresses 10.0.1.1-10.0.1.254 on the Internet (e) side as IP 
addresses for VPNNAT. Static NAT is set up between 10.0.1.1 and 192.168.1.1, 10.0.1.2 and 
192.168.1.2, ... (abbreviated) ..., and 10.0.1.254 and 192.168.1.254. 

[0028]Taking the server PC of 192.168.1.1 as an example, when a packet with the transmission 
source address 192.168.1.1 is sent out from the private network (g") side of NATBOX (f'), the 
transmission source address is rewritten to 10.0.1.1 and the packet is sent out to the Internet 
(e) side of NATBOX (f'). When a packet addressed to transmission destination 10.0.1.1 arrives 
from the Internet (e) side of NATBOX (f'), the transmission destination address is rewritten to 
192.168.1.1 and the packet is sent out to the private network (g") side of NATBOX (f'). 

[0029]The above explained, for the case where there are two ** style GW (f') (f") with 
subordinate private networks (g') (g") whose private network addresses overlap, the operation 
outline of communication from the private network (c) of a maintenance center to each ** style 
GW (f') (f") subordinate's private network (g') (g"), with the static VPNNAT function applied. 

[0030]Needless to say, the operation shown above for the case "when there are two ** style GW 
and their subordinate private network addresses overlap" can also be applied to the case "when 
there are N ** style GW (N is an arbitrary natural number) and their subordinate private network 
addresses overlap." 

[0031]Therefore, by building static VPNNAT and then accessing from a maintenance center by the 
method shown in drawing 33, remote maintenance can be performed simultaneously on two or more 
** style GW terminals (VPN routers) even when the private network addresses subordinate to the 
target ** style GW terminals overlap. When a packet is sent via VPN from the maintenance center 
to a ** style GW terminal for remote maintenance or to its subordinate extension terminal 
(server PC), it is sent to the Internet-side address of the NATBOX to which the target private 
IP address was assigned by static VPNNAT, so the VPN gateway on the maintenance center side can 
judge which private network the packet should be sent out to, and it becomes possible to 
perform maintenance simultaneously on two or more ** style GW terminals which have the same 
private network address. Hereafter, this is called the "static VPNNAT method." 

[0032]In the VPN remote maintenance proposed by Japanese Patent Application No. 2000-000496, it 
was indispensable for the ** style GW terminal to know the global IP address of the VPN gateway 
of a maintenance center a priori, and the measure taken was to embed the global IP address of 
the VPN gateway in the ** style GW terminal beforehand and ship it. 

[0033] 

[Problem(s) to be Solved by the Invention] However, when accessing from the private network of 
a maintenance center to all the private networks subordinate to a ** style GW terminal with the 
"static VPNNAT" method explained above, the IP addresses for VPNNAT and the real local IP 
addresses of the private network needed to be assigned by static VPNNAT a priori in the ** style 
GW terminal when building VPN between the ** style GW terminal and the VPN gateway. 
[0034]In this case, the IP address resources for VPNNAT (private IP addresses), which the 
maintenance center side manages uniquely, must be assigned a priori for as many terminals as 
there are in the private networks subordinate to the ** style GW terminals for maintenance. A 
very large number of IP address resources for VPNNAT were therefore needed compared with the 
number of target terminals actually maintained. That is, in the static VPNNAT method, when the 
private IP address of the class was used, only a maximum of about 16,700,000 extension terminals 
subordinate to ** style GW terminals could be remote maintenance object terminals. 

[0035]For example, when the private address of the class is used as the IP address resource for 
VPNNAT, there was the limitation that only the terminals subordinate to a maximum of about 
65,000 ** style GW terminals could be maintenance objects when all the subnet masks of the 
** style GW terminal subordinates' private networks are 24 bits, and only the terminals 
subordinate to a maximum of about 256 ** style GW terminals when all the subnet masks are 16 
bits. 
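The static VPNNAT path of [0018]-[0031] and the address arithmetic of [0034]-[0035], as an added Python model that is not part of the patent text: two sites share 192.168.1.0/24, each NATBOX maps it 1:1 onto its own VPNNAT range, and the maintenance-center gateway picks the tunnel from the destination alone. Class and function names are hypothetical, and the 10.0.0.0/8 pool is an assumption chosen because it matches the page's figure of about 16,700,000 addresses.

```python
import ipaddress
from dataclasses import dataclass


@dataclass(frozen=True)
class Packet:
    src: ipaddress.IPv4Address
    dst: ipaddress.IPv4Address


def pkt(src, dst):
    return Packet(ipaddress.ip_address(src), ipaddress.ip_address(dst))


class NatBox:
    """Static 1:1 NAT between a VPNNAT range (tunnel side) and the real LAN range."""

    def __init__(self, vpnnat_net, real_net):
        self.vpnnat = ipaddress.ip_network(vpnnat_net)
        self.real = ipaddress.ip_network(real_net)
        if self.vpnnat.prefixlen != self.real.prefixlen:
            raise ValueError("1:1 static NAT needs ranges of equal size")

    @staticmethod
    def _map(addr, frm, to):
        # Keep the host part, swap the network part.
        return to.network_address + (int(addr) - int(frm.network_address))

    def from_tunnel(self, p):
        """Decrypted packet heading to the LAN: rewrite the destination."""
        if p.dst not in self.vpnnat:
            raise LookupError(f"{p.dst} has no static NAT entry")
        return Packet(p.src, self._map(p.dst, self.vpnnat, self.real))

    def to_tunnel(self, p):
        """Reply leaving the LAN: rewrite the source before encapsulation."""
        if p.src not in self.real:
            raise LookupError(f"{p.src} is not on this LAN")
        return Packet(self._map(p.src, self.real, self.vpnnat), p.dst)


class VpnGateway:
    """Maintenance-center gateway: chooses a tunnel by destination selector."""

    def __init__(self, global_ip):
        self.global_ip = ipaddress.ip_address(global_ip)
        self.tunnels = []  # (selector network, peer global address)

    def add_tunnel(self, selector, peer_ip):
        sel = ipaddress.ip_network(selector)
        for other, _ in self.tunnels:
            if sel.overlaps(other):
                # Two sites reachable under the same selector cannot be told apart.
                raise ValueError(f"selector {sel} overlaps {other}")
        self.tunnels.append((sel, ipaddress.ip_address(peer_ip)))

    def encapsulate(self, inner):
        """Return (outer tunnel header, inner packet)."""
        for sel, peer in self.tunnels:
            if inner.dst in sel:
                return Packet(self.global_ip, peer), inner
        raise LookupError(f"no VPN tunnel for {inner.dst}")


def vpnnat_capacity(pool, lan_prefix):
    """(addresses in pool, number of /lan_prefix sites it can map statically)."""
    pool = ipaddress.ip_network(pool)
    return pool.num_addresses, 2 ** (lan_prefix - pool.prefixlen)


def build_two_site_demo():
    # Addresses are the ones used on the page for drawing 33.
    gw = VpnGateway("211.0.0.1")
    gw.add_tunnel("10.0.0.0/24", "210.0.0.1")
    gw.add_tunnel("10.0.1.0/24", "210.0.1.1")
    sites = {
        "210.0.0.1": NatBox("10.0.0.0/24", "192.168.1.0/24"),
        "210.0.1.1": NatBox("10.0.1.0/24", "192.168.1.0/24"),
    }
    return gw, sites


def deliver(gw, sites, inner):
    """Gateway -> tunnel -> far-end NATBOX; returns (outer header, packet on LAN)."""
    outer, inner = gw.encapsulate(inner)
    return outer, sites[str(outer.dst)].from_tunnel(inner)


if __name__ == "__main__":
    gw, sites = build_two_site_demo()
    for dst in ("10.0.0.1", "10.0.1.1"):
        outer, lan = deliver(gw, sites, pkt("192.168.2.103", dst))
        print(f"{dst}: outer {outer.src}->{outer.dst}, on LAN {lan.src}->{lan.dst}")
    print(vpnnat_capacity("10.0.0.0/8", 24), vpnnat_capacity("10.0.0.0/8", 16))
```

Registering both sites under their real 192.168.1.0/24 selector is rejected by `add_tunnel`, which is the ambiguity the VPNNAT ranges remove.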

[0036]When performing the VPN remote maintenance proposed by the method of Japanese Patent 
Application No. 2000-000496 using the static VPNNAT method, there was a problem that all the 
extension terminal resources subordinate to the ** style GW terminal which raised the remote 
maintenance demand become accessible from the maintenance center. 

[0037]When the number of installation notices for VPN remote maintenance increases and the 
number of simultaneous users of the VPN remote maintenance service exceeds the number of VPN 
sessions permitted by a VPN gateway, additional VPN gateways needed to be installed on the 
maintenance center side, but no means existed to set the global IP address of the VPN gateway in 
a terminal in that case. A method in which the Internet gateway administrator is notified of the 
VPN gateway address of a maintenance center by some means and sets the VPN gateway address 
manually involves manual work at the time of remote maintenance, and so had the problem of being 
inapplicable to VPN remote maintenance. 

[0038]Here, the main purposes to be achieved by this invention are as follows. 

[0039]The 1st purpose of this invention is to provide a remote maintenance practice, a system, 
a program, and a recording medium which, when remote maintenance of two or more ** style GW 
terminals that permit duplication of their subordinate private (local) network addresses, and of 
their extension terminals, is carried out simultaneously from a maintenance center by way of VPN 
on the Internet, allow the number of ** style GW terminals and extension terminals for remote 
maintenance to reach the maximum of the IP address resources managed by the maintenance center 
side, and make it possible to simultaneously perform remote maintenance of as many ** style GW 
terminals and their subordinate extension terminals as possible. 

[0040]The 2nd purpose of this invention is to provide a remote maintenance practice, a system, 
a program, and a recording medium which do not need to assign a priori the IP address resources 
for VPNNAT, which the maintenance center side manages uniquely, for as many terminals as there 
are in the private networks subordinate to the ** style GW terminals for maintenance. 

[0041]The 3rd purpose of this invention is to provide a remote maintenance practice, a system, 
a program, and a recording medium which, when performing VPN remote maintenance, keep access 
from a maintenance center from becoming possible to all the extension terminal resources 
subordinate to the ** style GW terminal which raised the remote maintenance demand. 

[0042]The 4th purpose of this invention is to provide a remote maintenance practice, a system, 
a program, and a recording medium which, in the case where additional VPN gateways need to be 
installed on the maintenance center side because the number of installation notices for VPN 
remote maintenance increases and the number of simultaneous users of VPN remote maintenance 
exceeds the number of VPN sessions permitted by a VPN gateway, set the global IP address of the 
VPN gateway in the terminal. 

[0043]Other purposes of this invention will become clear from the statements of the 
specification, the drawings, and especially each claim of the claims. 

[0044] 

[Means for Solving the Problem]While carrying out the IP connection of this invention method to 
an extension terminal of any number by ** each local network and carrying out it the bottom of 
rule of each Internet gateway terminal in solution of an aforementioned problem, By establishing 
IPsec which realizes a VPN session in a network layer of open systems interconnection 
reference model via each Internet gateway terminal concerned and Internet between VPN 
gateways. It is a practice which performs remote maintenance from a single maintenance center 
containing the VPN gateway concerned, In a router section in the Internet gateway terminal 
concerned, VPNNAT is provided between the said local network and VPN treating part, carried 
out by performing grant and release from the maintenance center concerned by making an 
address by the side of global into a local IP address for VPNNAT. An extension terminal by which 
the IP connection was carried out to a local network of two or more Internet gateway terminal 
itself connected to a characteristic configuration method and Internet, and a subordinate of 
those, By establishing IPsec which realizes a VPN session in a network layer of open systems 
interconnection reference model between VPN gateways connected to the Internet gateway 
terminal concerned and the Internet, It is a practice which performs remote maintenance from a 
single maintenance server of the VPN gateway subordinate concerned, Before building VPN, said 
maintenance center which received a VPN construction demand from said Internet gateway 
terminal chooses a VPN gateway with an empty resource of VPN from two or more VPN 
gateways of the subordinate dynamically, A global IP address of the selected VPN gateway 
concerned is notified to the Internet gateway terminal concerned, By setting up considering the 
notified global IP address concerned as an opposite host of the VPN concerned, the Internet 
gateway terminal concerned devises a characteristic configuration method which carries out said 
remote maintenance, 

[0045]While carrying out the IP connection of this invention system to an extension terminal of 
any number by ** each local network and carrying out it the bottom of rule of each Internet 
gateway terminal in solution of an aforementioned problem, By establishing IPsec which realizes 
a VPN session in a network layer of open systems interconnection reference model via each 
Internet gateway terminal concerned and Internet between VPN gateways. It is an execution 
system which performs remote maintenance from a single maintenance center containing the 
VPN gateway concerned, In a router section in the Internet gateway terminal concerned, a 
VPNNAT means is formed between the said local network and VPN treating part, carried out 
the system construction to functional constitution which can perform grant and release from the 
maintenance center concerned by making an address by the side of global into a local IP address 
for VPNNAT. An extension terminal by which the IP connection was carried out to a local 
network of two or more Internet gateway terminal itself connected to characteristic constituent 
means and ** Internet, and a subordinate of those, By establishing IPsec which realizes a VPN 
session in a network layer of open systems interconnection reference model between VPN 
gateways connected to the Internet gateway terminal concerned and the Internet, If it is a 
system which performs remote maintenance from a single maintenance server of the VPN 
gateway subordinate concerned and a demand of VPN construction is received from said 
Internet gateway terminal, A VPN gateway with an empty resource of VPN is dynamically chosen 
from two or more VPN gateways of a self subordinate, Require said VPN construction from said 
maintenance center which notifies a global IP address of the selected VPN gateway concerned 
to the Internet gateway terminal which made the demand concerned, and the maintenance 
center concerned, and. A characteristic constituent means which possesses said said Internet 
gateway terminal which sets up a global IP address of said notified selected VPN gateway as an 
opposite host of the VPN concerned from the maintenance center concerned to the demand 
concerned is provided, 

[0046]While carrying out the IP connection of this invention program to an extension terminal of 
any number by each local network in solution of an aforementioned problem and carrying out 
the bottom of rule of each Internet gateway terminal, By establishing IPsec which realizes a VPN 
session in a network layer of open systems interconnection reference model via each Internet 
gateway terminal concerned and Internet between VPN gateways. By a program used in the 
Internet gateway terminal concerned and the maintenance center concerned by a system which 
performs remote maintenance from a maintenance center containing the VPN gateway 
concerned. Make an address by the side of global into a local IP address for VPNNAT, and From 
the maintenance center concerned to grant. An extension terminal by which the IP connection 
was carried out to a local network of two or more Internet gateway terminal itself [ which was 
connected to characteristic configuration procedure and Internet ] which performed various 
kinds of procedure which releases, and a subordinate of those, By establishing IPsec which 
realizes a VPN session in a network layer of open systems interconnection reference model 
between VPN gateways connected to the Internet gateway terminal concerned and the Internet, 
By a program used in the Internet gateway terminal concerned and the maintenance center 
concerned by a system which performs remote maintenance from a single maintenance server of 
the VPN gateway subordinate concerned. The Internet gateway terminal concerned a VPN 
gateway address which performed a VPNGW address request and was notified from the 
maintenance server concerned according to the VPNGW address request concerned as an 
opposite host of VPN, If procedure set as a self router section and the VPNGW address request 
concerned are received, A VPN gateway with a VPN opening resource is dynamically chosen 
from two or more VPN gateways under self rule, Characteristic configuration procedure which 
performed procedure which notifies a global IP address of the VPN gateway to the Internet 
gateway terminal which made the VPN gateway address request concerned is devised. 
[0047]this invention recording medium devises characteristic composition procedure which 
carried out nonfiction of a series of conclusion procedure by this invention program in solution of 
an aforementioned problem. 

[0048]If it explains in full detail concretely, when this invention devises each new characteristic 
configuration method, a means, a procedure, or procedure enumerated next, by solution of the 
technical problem concerned, it will be made as [ attain / the above-mentioned purpose ]. 
[0049]While carrying out the IP connection of the 1st feature of this invention method to an 
extension terminal of any number by each local network and carrying out the bottom of rule of 
each Internet gateway terminal, By establishing IPsec which realizes a VPN session in a network 
layer of open systems interconnection reference model via each Internet gateway terminal 
concerned and Internet between VPN gateways, It is a practice which performs remote 
maintenance from a maintenance center containing the VPN gateway concerned, In a router 
section in said each Internet gateway terminal, VPNNAT is provided between the said local 
network and VPN treating part, It is in composition adoption of a remote maintenance practice 
which carries out said remote maintenance by performing grant and release from a maintenance 
server of said maintenance center by making an address by the side of global into a local IP 
address for VPNNAT. 

[0050]The 2nd feature of the method of this invention lies in adopting a remote maintenance 
practice in which the demand for said remote maintenance in said practice in the 1st feature of 
the above-mentioned method of this invention carries out the following series of processings one 
by one. Said Internet gateway terminal which makes the demand notifies said maintenance server 
of the name of the extension terminal which is the remote maintenance object and the global IP 
address of the Internet gateway terminal concerned, as a remote maintenance demand command. The 
maintenance server which received the notice responds to the Internet gateway terminal which 
gave the notice, as a remote maintenance demand response, with the local IP address for VPNNAT 
given to the notified extension terminal for remote maintenance and the extension terminal 
name. The maintenance server also sets its own VPN gateway to establish a VPN tunnel by IPsec 
with the global IP address of the Internet gateway terminal concerned, using the authentication 
key of IPsec shared at the time of the notice of installation, and to treat packets addressed 
to the local IP address for VPNNAT as VPN processing-object packets of said established VPN 
tunnel. The Internet gateway terminal which received said response acquires the real local IP 
address for the received extension terminal name, and sets the real local IP address for the 
extension terminal name concerned and said local IP address for VPNNAT as static NAT in its own 
router section. 

[0051]The 3rd feature of the method of this invention lies in adopting a remote maintenance 
practice in which the implementation of said remote maintenance in the 2nd feature of the 
above-mentioned method of this invention is carried out from said maintenance center, via said 
established VPN tunnel using said local IP address for VPNNAT, on said extension terminal which 
is said remote maintenance object. 

[0052]The 4th feature of the method of this invention lies in adopting a remote maintenance 
practice in which the end of said remote maintenance in the 2nd or 3rd feature of the 
above-mentioned method of this invention carries out the following series of processings one by 
one. First, a remote maintenance quit command is transmitted, via said established VPN tunnel 
using said local IP address for VPNNAT, to the server part of said Internet gateway terminal 
which established the VPN tunnel concerned. Next, the server part which received the 
transmission performs the processing concerning the remote maintenance quit command and 
transmits an end response of remote maintenance. Then, the maintenance server which received the 
end response of remote maintenance makes a 1st judgment of whether all maintenance of the 
applicable extension terminal has been completed. In affirmation by the 1st judgment, it makes a 
2nd judgment of whether the ended extension terminal is either said server part or said router 
section of said Internet gateway terminal; in denial, the judging process is ended. In denial by 
the 2nd judgment, it shifts to VPNNAT release processing; in affirmation, it makes a 3rd 
judgment of whether all remote maintenance of the corresponding Internet gateway terminal has 
ended. In affirmation by the 3rd judgment, it shifts to VPN end processing; in denial, the 
judging process is ended. 

[0053]The 5th feature of the method of this invention lies in adopting a remote maintenance 
practice in which said VPNNAT release processing in the 4th feature of the above-mentioned 
method of this invention carries out the following series of processings one by one. First, said 
maintenance server cancels the setting, made at the time of the demand for said remote 
maintenance, which treats packets addressed to the local IP address for VPNNAT of the extension 
terminal name for remote maintenance as VPN processing-object packets of said established VPN 
tunnel, and notifies said Internet gateway terminal of the extension terminal name for remote 
maintenance. The Internet gateway terminal which received the notice acquires the real local IP 
address for the received extension terminal name and releases the static NAT between it and the 
local address for VPNNAT. Said maintenance server then makes said 3rd judgment and follows the 
decision result. 

[0054]The 6th feature of the method of this invention lies in adopting a remote maintenance 
practice in which said VPN end processing in the 4th or 5th feature of the above-mentioned 
method of this invention carries out the following series of processings one by one. Said 
maintenance server notifies said Internet gateway terminal of the end of the IPsec session as a 
VPN quit command. The Internet gateway terminal which received the notice transmits an answer to 
the VPN quit command to the maintenance server as an end response of VPN. Said maintenance 
server makes said VPN gateway cancel said VPN tunnel set up at the time of the demand for said 
remote maintenance, and the VPN tunnel processing established between the VPN gateway concerned 
and said Internet gateway terminal is ended. 
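The grant and release sequence of [0050]-[0054], as an added Python model rather than code from the patent: the maintenance server leases one VPNNAT address per requested extension terminal, the gateway terminal installs static NAT for that terminal only, and the lease returns to the pool when maintenance ends. Class names, the terminal names pc1 and pc2, and the deliberately tiny 10.0.0.0/30 pool are assumptions; IPsec itself and the 2nd judgment are left out.

```python
import ipaddress


class GatewayTerminal:
    """Internet gateway terminal: resolves its own LAN names, holds per-terminal NAT."""

    def __init__(self, global_ip, lan_hosts):
        self.global_ip = global_ip
        self.lan_hosts = {n: ipaddress.ip_address(a) for n, a in lan_hosts.items()}
        self.static_nat = {}  # VPNNAT address -> real local address

    def set_static_nat(self, name, vpnnat_ip):
        # Demand response received: look up the real address and map it.
        self.static_nat[vpnnat_ip] = self.lan_hosts[name]

    def release_static_nat(self, name):
        real = self.lan_hosts[name]
        self.static_nat = {v: r for v, r in self.static_nat.items() if r != real}

    def from_tunnel(self, dst):
        """Real address for a decrypted packet, or None when nothing is mapped."""
        return self.static_nat.get(ipaddress.ip_address(dst))


class MaintenanceServer:
    """Grants and releases VPNNAT addresses per (gateway, extension terminal name)."""

    def __init__(self, pool):
        self.free = list(ipaddress.ip_network(pool).hosts())
        self.leases = {}         # (gateway global IP, name) -> VPNNAT address
        self.vpn_selectors = {}  # VPNNAT address -> tunnel peer (gateway global IP)

    def request(self, gw, name):
        """Remote maintenance demand: grant an address and have the gateway map it."""
        if name not in gw.lan_hosts:
            raise KeyError(f"{name} is not an extension terminal of {gw.global_ip}")
        key = (gw.global_ip, name)
        if key in self.leases:
            return self.leases[key]
        if not self.free:
            raise RuntimeError("VPNNAT pool exhausted")
        addr = self.free.pop(0)
        self.leases[key] = addr
        self.vpn_selectors[addr] = gw.global_ip  # VPN processing-object packet
        gw.set_static_nat(name, addr)
        return addr

    def end(self, gw, name):
        """VPNNAT release; returns True when no lease is left for this gateway
        (the 3rd judgment), meaning VPN end processing can follow."""
        addr = self.leases.pop((gw.global_ip, name))
        del self.vpn_selectors[addr]
        gw.release_static_nat(name)
        self.free.append(addr)
        return not any(g == gw.global_ip for g, _ in self.leases)

    def route(self, dst):
        """Tunnel peer for a destination, or None if it is not a granted address."""
        return self.vpn_selectors.get(ipaddress.ip_address(dst))


if __name__ == "__main__":
    server = MaintenanceServer("10.0.0.0/30")  # two usable addresses
    site_a = GatewayTerminal("210.0.0.1", {"pc1": "192.168.1.1", "pc2": "192.168.1.2"})
    site_b = GatewayTerminal("210.0.1.1", {"pc1": "192.168.1.1"})
    a = server.request(site_a, "pc1")
    b = server.request(site_b, "pc1")
    print(a, "->", server.route(a), "->", site_a.from_tunnel(a))
    print(b, "->", server.route(b), "->", site_b.from_tunnel(b))
    print("VPN to site B can end:", server.end(site_b, "pc1"))
```

Only the terminal named in the demand gets a NAT entry, so the other hosts on that LAN stay unreachable through the tunnel.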

[0055]Said notice of installation in the 2nd, 3rd, 4th, 5th, or 6th feature of an above-mentioned 
this invention method the 7th feature of this invention method, By the maintenance server 
concerned which notified installation notice commands to said maintenance server about the 
installation concerned, and received the installation notice commands concerned from said 
server part of said newly installed Internet gateway terminal. An authentication key of IPsec 
which is the common information for said remote maintenance is generated, Said Internet 
gateway terminal which carried out the response to said Internet gateway terminal which has 
notified the installation notice commands concerned, and received the response concerned, It is 
in composition adoption of a remote maintenance practice which carries out a series of above 
processings in which an authentication key of IPsec is set up to said self router section, one by 
one. 

[0056]In said either one of demand of said remote maintenance or notice of setting out said 
practice in the 2nd, 3rd, 4th, 5th, 6th, or 7th feature of an above-mentioned this invention 
method the 8th feature of this invention method, It is in composition adoption of a remote 
maintenance practice which carries out VPNNAT setting processing to said server part and said 
router section of said Internet gateway terminal. 

[0057]Said practice in the 2nd, 3rd, 4th, 5th, 6th, 7th, or 8th feature of an above-mentioned this 
invention method the 9th feature of this invention method, When a failure occurrence is detected 
to said Internet gateway terminal, First, the Internet gateway terminal concerned processes 
information which will start the failure concerned if information which starts failure as a failure 
information command is transmitted to said maintenance server, next said maintenance server 
receives said failure information command, It transmits to said Internet gateway terminal which 
transmitted the failure information command concerned as a failure information response, The 
Internet gateway terminal concerned which received the failure information response concerned 
is in composition adoption of a remote maintenance practice which carries out a series of above 
processings that shift to a demand of said remote maintenance one by one. 
[0058]The 10th feature of this invention method an extension terminal by which the IP 
connection was carried out to a local network of two or more Internet gateway terminal itself 
connected to the Internet, and a subordinate of those, By establishing IPsec which realizes a 
VPN session in a network layer of open systems interconnection reference model between VPN 
gateways connected to the Internet gateway terminal concerned and the Internet concerned, It 
is a practice which performs remote maintenance from a single maintenance server of the VPN 
gateway subordinate concerned, Before building VPN, said maintenance center which received a 
VPN construction demand from said Internet gateway terminal chooses a VPN gateway with an 
empty resource of VPN from two or more VPN gateways of the subordinate dynamically, A 
global IP address of the selected VPN gateway concerned is notified to the Internet gateway 
terminal concerned, By setting up considering the notified global IP address concerned as an 
opposite host of the VPN concerned, the Internet gateway terminal concerned is in composition 
adoption of a remote maintenance practice which carries out said remote maintenance. (It 
corresponds to claim 21) 

[0059]While carrying out the IP connection of the 1st feature of this invention system to an 
extension terminal of any number by each local network and carrying out the bottom of rule of
each Internet gateway terminal, By establishing IPsec which realizes a VPN session in a network 
layer of open systems interconnection reference model via each Internet gateway terminal 
concerned and Internet between VPN gateways. It is a system which performs remote 
maintenance from a maintenance center containing the VPN gateway concerned, NAT is 
provided between the local network and VPN treating part in a router section in said Internet 
gateway terminal, It is in composition adoption of a remote maintenance execution system which 
carries out a system construction to functional constitution which performs grant and release 
from said maintenance center by making an address by the side of global into a local IP address
for VPNNAT. 

[0060]Said maintenance center in the 1st feature of the above-mentioned this invention system 
the 2nd feature of this invention system, A maintenance server which gives a local address for 
VPNNAT for VPN access corresponding to an extension terminal name for [ concerned ] remote 
maintenance in response to a notice of an extension terminal name for remote maintenance from 
said Internet gateway terminal, From a remote maintenance device which performs said remote 
maintenance, and the remote maintenance device concerned. It is in composition adoption of a 
remote maintenance execution system which carries out network construction of the VPN 
gateway which goes via access to a local IP address for VPNNAT corresponding to an extension 
terminal name for [ concerned ] remote maintenance in a maintenance center local network. 
[0061]A server part for which said Internet gateway terminal [ in / in the 3rd feature of this 
invention system / the 1st or 2nd feature of the above-mentioned this invention system ] 
notifies an extension terminal name for remote maintenance to said maintenance center, By 
[ concerned ] having notified. VPNNAT which assigns a local IP address for VPNNAT for VPN 
access given from the maintenance center concerned, and an IP address of an extension 
terminal name for [ concerned ] remote maintenance, and said VPN gateway and a VPN tunnel 
of the maintenance center concerned. By access to a local IP address for VPNNAT to a remote 
maintenance object terminal name which consisted of router sections of a VPN treating part to 
establish, and passed said VPN gateway. It is in composition adoption of a remote maintenance 
execution system which builds a function to close packet transfer to said extension terminal 
from a remote maintenance device which performs said remote maintenance if possible. 
[0062]The 4th feature of this invention system an extension terminal by which the IP connection 
was carried out to a local network of two or more Internet gateway terminal itself connected to 
the Internet, and a subordinate of those, By establishing IPsec which realizes a VPN session in a 
network layer of open systems interconnection reference model between VPN gateways 
connected to the Internet gateway terminal concerned and the Internet concerned, If it is a 
system which performs remote maintenance from a single maintenance server of the VPN 
gateway subordinate concerned and a demand of VPN construction is received from said 
Internet gateway terminal, A VPN gateway with an empty resource of VPN is dynamically chosen 
from two or more VPN gateways of the subordinate, Require said VPN construction from said 
maintenance center which notifies a global IP address of the selected VPN gateway concerned 
to the Internet gateway terminal which made the demand concerned, and the maintenance 
center concerned, and. A global IP address of said selected VPN gateway notified 
[ aforementioned ] from the maintenance center concerned to the demand concerned, It is in 
composition adoption of a remote maintenance execution system possessing said Internet 
gateway terminal set up as an opposite host of the VPN concerned. (It corresponds to claim 22) 
[0063]While carrying out the IP connection of the 1st feature of this invention program to an 
extension terminal of any number by each local network and carrying out the bottom of rule of 
each Internet gateway terminal, By establishing IPsec which realizes a VPN session in a network 
layer of open systems interconnection reference model via each Internet gateway terminal
concerned and Internet between VPN gateways, It can set to a system which performs remote
maintenance from a maintenance center containing the VPN gateway concerned. It is a program 
used at the Internet gateway terminal concerned, When using remote maintenance service after 
the Internet gateway terminal concerned is installed, By execution of said program made to carry 
out to the Internet gateway terminal concerned, notice processing of installation which reports 
that it installed to said maintenance center. After notifying installation notice commands to a
maintenance server of said maintenance center about said installation, set up an authentication 
key of IPsec which won popularity as the response concerned when a response to the 
installation notice commands concerned from the maintenance server concerned was received 
to a self router section, It is in composition adoption of a remote maintenance implementation 
program which steps on a series of procedures. 

[0064]While carrying out the IP connection of the 2nd feature of this invention program to an 
extension terminal of any number by each local network and carrying out the bottom of rule of 
each Internet gateway terminal, By establishing IPsec which realizes a VPN session in a network 
layer of open systems interconnection reference model via each Internet gateway terminal 
concerned and Internet between VPN gateways, It can set to a system which performs remote
maintenance from a maintenance center containing the VPN gateway concerned. It is a program 
used at the Internet gateway terminal concerned, Depending on any of button grabbing by an 
operator of WEB access from said internal terminal to the Internet gateway terminal concerned, 
and the Internet gateway terminal concerned they are. By execution of said program made to 
carry out to the Internet gateway terminal concerned, a remote maintenance request process 
which requires remote maintenance. After notifying a global IP address of said extension terminal 
name which is a remote maintenance object, and said Internet gateway terminal to said 
maintenance server as a remote maintenance demand command, In response to a response to 
said remote maintenance demand command, a real local IP address to an extension terminal 
name received as the response concerned is acquired, It is in composition adoption of a remote 
maintenance implementation program which steps on a series of above procedures to which a 
real local IP address to the extension terminal name concerned and a local IP address for 
VPNNAT received as the response concerned are made to set as static NAT. 
[0065]While carrying out the IP connection of the 3rd feature of this invention program to an 
extension terminal of any number by each local network and carrying out the bottom of rule of 
each Internet gateway terminal, By establishing IPsec which realizes a VPN session in a network 
layer of open systems interconnection reference model via each Internet gateway terminal 
concerned and Internet between VPN gateways, It can set to a system which performs remote
maintenance from a maintenance center containing the VPN gateway concerned. It is a program 
used at the Internet gateway terminal concerned, Remote maintenance end processing 
concerning a notice of a purport that work of said remote maintenance performed from said 
maintenance center was completed, by execution of said program made to carry out to said 
inface gateway terminal which received the notice concerned. Ignited by reception of a remote 
maintenance quit command from said maintenance center, perform processing about the remote 
maintenance quit command concerned, and an end response of remote maintenance is 
transmitted, When a notice of an extension terminal name for remote maintenance is received 
from said maintenance center as a VPN release command, A real local IP address to the 
received extension terminal name concerned is acquired, and it is in composition adoption of a 
remote maintenance implementation program which steps on a series of above procedures of 
releasing static NAT with a local address for VPNNAT to an acquired real local IP address. 
[0066]While carrying out the IP connection of the 4th feature of this invention program to an
extension terminal of any number by each local network and carrying out the bottom of rule of 
each Internet gateway terminal, By establishing IPsec which realizes a VPN session in a network 
layer of open systems interconnection reference model via each Internet gateway terminal 
concerned and Internet between VPN gateways. In a system which performs remote 
maintenance from a maintenance center containing the VPN gateway concerned, Are a program 
used in the maintenance center concerned, and a remote maintenance request process 
corresponding to a demand of said remote maintenance by execution of said program made to 
perform to said maintenance server. In response to said demand, a local IP address for VPNNAT 
and an extension terminal name which are given to said extension terminal for [ concerning a 
demand of said remote maintenance ] remote maintenance, Transmit to said Internet gateway 
terminal which performed the demand concerned as a remote maintenance demand response, 
and. Establishment of a VPN tunnel by IPsec using an authentication key of IPsec shared 
between global IP addresses of the Internet gateway terminal concerned. Point to a self VPN
gateway and the self VPN gateway concerned is received, It is in composition adoption of a 
remote maintenance implementation program which steps on a series of above procedures of 
performing setting out which makes a packet addressed to a local IP address for VPNNAT a 
VPN processing-object packet of a VPN tunnel established by the directions concerned. 
[0067]While carrying out the IP connection of the 5th feature of this invention program to an 
extension terminal of any number by each local network and carrying out the bottom of rule of 
each Internet gateway terminal, By establishing IPsec which realizes a VPN session in a network 
layer of open systems interconnection reference model via each Internet gateway terminal 
concerned and Internet between VPN gateways. By a system which performs remote 
maintenance from a maintenance center containing the VPN gateway concerned. According to 
said installation notice commands, setting-out notice-commands processing in which installation 
notice commands from said Internet gateway terminal which is a program used in the 
maintenance center concerned, and was newly installed are processed, by execution of said 
program made to perform to said maintenance center, It is in composition adoption of a remote 
maintenance implementation program which steps on a series of above procedures that generate 
an authentication key of IPsec which is the common information for said remote maintenance, 
and carry out a response to said Internet gateway terminal which has notified the installation 
notice commands concerned. 

[0068]While carrying out the IP connection of the 6th feature of this invention program to an 
extension terminal of any number by each local network and carrying out the bottom of rule of 
each Internet gateway terminal, By establishing IPsec which realizes a VPN session in a network 
layer of open systems interconnection reference model via each Internet gateway terminal 
concerned and Internet between VPN gateways. In a system which performs remote 
maintenance from a single maintenance center containing the VPN gateway concerned, Ignited 
by being a program used in the maintenance center concerned, and an end button in said 
maintenance center having been pushed, Remote maintenance end processing which reports that
work of said remote maintenance was completed by execution of said program made to perform 
to said maintenance server. It goes via a VPN tunnel established with a local IP address for 
VPNNAT, As opposed to a server part of said Internet gateway terminal which made the VPN 
tunnel concerned establish, If a response of the end of remote maintenance concerned is 
received after transmitting a remote maintenance quit command, the 1st judgment will be made 
for that of whether all maintenances to an applicable extension terminal were completed, In 
affirmation by the 1st judgment concerned, while said ended extension terminal concerned makes 
that 2nd judgment which it is in any of said server part of said Internet gateway terminal, or a 
router section, While ending this program in denial and shifting in the 2nd judgment concerned to 
VPNNAT release processing in denial, The 3rd judgment whether all remote maintenance to said 
Internet gateway terminal which corresponds in affirmation was ended is made, While shifting to 
VPN end processing in affirmation by the 3rd judgment concerned, it is in composition adoption 
of a remote maintenance implementation program which steps on a series of above procedures 
that end this program in denial. 

[0069]Said VPNNAT release processing in the 6th feature of the above-mentioned this invention 
program the 7th feature of this invention program, A local IP address for VPNNAT to an 
extension terminal name for [ which was set up in response to a remote maintenance demand ] 
remote maintenance, Carry out to said VPN gateway and said Internet gateway terminal is 
received so that it may cancel of a VPN processing-object packet to said established VPN 
tunnel, Notify an extension terminal name for remote maintenance, and after that, are a series of 
processings which carry out a return to said 3rd judgment, and said VPN end processing makes 
an end of an IPsec session a VPN quit command, Transmit to said Internet gateway terminal and 
to said VPN gateway. Said VPN tunnel set up on the occasion of a remote maintenance 
implementation demand makes it cancel, and it is in composition adoption of a remote 
maintenance implementation program which are a series of processings in which VPN tunnel 
processing established between the VPN gateway concerned and the Internet gateway terminal 
concerned is terminated. 
[0070]The 8th feature of this invention program an extension terminal by which the IP
connection was carried out to a local network of two or more Internet gateway terminal itself
connected to the Internet, and a subordinate of those, By establishing IPsec which realizes a 
VPN session in a network layer of open systems interconnection reference model between VPN 
gateways connected to the Internet gateway terminal concerned and the Internet concerned, It
can set to a system which performs remote maintenance from a single maintenance server of 
the VPN gateway subordinate concerned. It is a program used at the Internet gateway terminal 
concerned, Depending on any of registration of a remote maintenance demand from said 
extension terminal or button grabbing of said Internet gateway terminal body by the Internet 
gateway terminal management person they are. By execution of said program made to carry out 
to the Internet gateway terminal concerned, VPN gateway address request processing in which a 
VPN gateway address is required. If said VPN gateway address is required from said 
maintenance center and a VPN gateway address request response to the demand concerned is 
received from the maintenance center concerned, A VPN gateway global IP address which 
received as the VPN gateway address request response concerned as an opposite host of VPN, 
It is in composition adoption of a remote maintenance implementation program which steps on a 
series of above procedures of setting it as a self router section and processing said remote 
maintenance demand. (It corresponds to claim 23) 

[0071]The 9th feature of this invention program an extension terminal by which the IP 
connection was carried out to a local network of two or more Internet gateway terminal itself 
connected to the Internet, and a subordinate of those, By establishing IPsec which realizes a 
VPN session in a network layer of open systems interconnection reference model between VPN 
gateways connected to the Internet gateway terminal concerned and the Internet, It can set to
a system which performs remote maintenance from a single maintenance server of the VPN 
gateway subordinate concerned. VPN gateway address request processing which is a program 
used in the maintenance center concerned, and is processing in said maintenance center 
accompanying a VPN gateway address request from said Internet gateway terminal by execution 
of said program made to perform to the maintenance center concerned. If said VPN gateway 
address request is received from said Internet gateway terminal, Choose a VPN gateway with a
VPN opening resource from two or more VPN gateways under self rule dynamically, and notify a 
global IP address of the VPN gateway to the Internet gateway terminal which made the VPN 
gateway address request concerned. It is in composition adoption of a remote maintenance 
implementation program which steps on a series of above procedures. (It corresponds to claim
24) 

[0072]The 1st feature of this invention recording medium is in composition adoption of a 
recording medium which recorded a remote maintenance implementation program which carries 
out nonfiction of a series of procedure by said program in the 1st, 2nd, 3rd, 4th, 5th, 6th, or 7th
feature of the above-mentioned this invention program. 

[0073]The 2nd feature of this invention recording medium is in composition adoption of a 
recording medium which recorded a remote maintenance implementation program which carries 
out nonfiction of a series of procedure by said program in the 7th or 9th feature of the above- 
mentioned this invention program. (It corresponds to claim 25) 
[0074] 

[Embodiment of the Invention]Hereafter, with reference to an accompanying drawing, details are 
explained for an embodiment of the invention about the example of a system, the example of a 
method, the example of a recording medium, and an example program. 

[0075](Example of a system) The lineblock diagram of the example of a remote maintenance 
execution system which is one embodiment of this invention is shown in drawing 1. The system
construction of the remote maintenance system is carried out from the Internet gateway 
terminal 1 (following and ** style GW terminal), the extension terminals 2a-2n (n expresses 
arbitrary natural numbers), the maintenance server 3, the remote maintenance device 4, and five 
nodes of VPN gateway 5 (5a-5n). 

[0076]Said ** style GW terminal 1 is premised on usually communicating with all by the side of 
extension (LAN) 7 which is a local network, by TCP/IP the Internet 6 (WAN) side. Necessity
has had a function in which VPN gateway 5 (5a-5n) and VPN on LAN8 by the side of the
maintenance server 3 can be built. 

[0077]The thing called the conventional router, and an application gateway is applicable. Like
the conventional ISDN terminal adapter, the thing which does not communicate TCP/IP
is not made into an object by itself. In the following description, the name of a "terminal" only 
points out the ** style GW terminal 1. 

[0078]Said extension terminals 2a-2n are terminals (group) of PC (personal computer) linked to
extension LAN7 of said ** style GW terminal 1 subordinate, etc. The server part 10 and the
router section 11 which are contained in the ** style GW terminal 1 main part connected to
extension LAN7 are also treated as the extension terminals 2a-2n. Said maintenance center 9 is 
a general term for the center which performs remote maintenance which makes a component the 
maintenance server 3, the remote maintenance device 4, and VPN gateway 5 (5a-5n). 
[0079]Said maintenance server 3 is a server on the Internet 6 which manages the information 
about the ** style GW terminal 1 and extension terminals [ 2a-2n ] remote maintenance, and has
a LAN interface in the LAN8 side in which the remote maintenance device 4 exists respectively
the Internet 6 side.

[0080]Said remote maintenance device 4 is an operating device which performs the ** style GW 
terminal 1 and extension terminals [ 2a-2n ] remote maintenance, and it is a premise to have a
WEB browser function. Said VPN gateways 5a-5n are Internet 6 courses, and are the VPN
gateway devices for building VPN which connects the maintenance center 9 to the ** style GW
terminal 1.

[0081]The http server part 100 in which said ** style GW terminal 1 performs http server
processing, The CGI treating part 101 which is called from a http server and performs internal 
processing, It comprises the router setting processing part 102 which publishes the control 
commands to the router section 11, the server part 10 containing the command sending-out 
treating part 103 which transmits a command to the maintenance server 3, and the router 
section 11 which controls the IP router processing having contained IPsec.
[0082]Said maintenance server 3 comprises the http server part 30 which receives the http 
command from the terminal 1, the CGI treating part 31 which is called from the http server part 
30 and performs internal processing, and the VPN gateway setting processing part 32 which 
publishes a telnet command to the VPN gateway. Said VPN gateways 5a-5n comprise the router
section 11 of the terminal 1, the VPN treating part 50 which performs a VPN session, and the
setting command receiving processing part 51 which receives the telnet command from the 
maintenance server 3. 

[0083]Said remote maintenance device 4 comprises the maintenance command processing part
40 which sends out a command to the server part 10 of the terminal 1 with a http protocol etc. 
As mentioned above, using the shown maintenance server 3, VPN gateways 5a-5n, and the 
remote maintenance device 4 by the VPN tunnel 12 course of the Internet 6 from the 
maintenance center 9. When carrying out remote maintenance of two or more ** style GW 
terminals 1 and its extension terminals 2a-2n, the ** style GW terminal 1 subordinate's local network
address realizes VPN remote maintenance simultaneously by any cases. 

[0084](Example of a method) The VPN remote maintenance in this example of a method applied 
to said example of a system, The notice processing of installation, a VPNGW address request, 
and a remote maintenance request process. Remote maintenance end processing, VPNNAT 
release processing, and VPN end processing, "Remote maintenance implementation" (in this 
remote maintenance protocol, the protocol in particular of actual maintenance work is not 
specified.) which the operator of the maintenance center 9 actually performs with seven "notice 
commands and responses" with failure information processing As long as it uses TCP/IP, it may 
be general-purpose application and an original protocol may be sufficient as it. It is constituted 
as a communications protocol 

[0085]Seven communications protocols other than remote maintenance implementation are only 
the techniques for performing actual maintenance work (henceforth, remote maintenance 
implementation) here, and the main point is as follows to the last. 

[0086]From the remote maintenance device 4, to the maintenance object extension terminals 
2a-2n, perform the first main point and with the application which uses a TCP/IP protocol using
the tunnel 12 of VPN At namely, this time. The local IP address for VPNNAT is used for the IP 
connection from the remote maintenance device 4 of the maintenance center 9 to the 
maintenance object extension terminals 2a-2n, It is in carrying out certainly access to two or 
more ** style GW terminals 1 described previously, even when the subordinate's IP address 
overlaps by carrying out by after-mentioned VPNNAT110 which carries out functional
constitution into the router section 11. However, if it goes via the NAT concerned, limitations
cannot carry out application which cannot be carried out. 

[0087]From the remote maintenance device 4, to the maintenance object extension terminals
2a-2n, perform the 2nd main point and with the application which uses a TCP/IP protocol using
the tunnel 12 of VPN At this time. Even when an address is changed by extension etc., VPN
gateways 5a-5n of the maintenance center 9 via arbitrary VPN gateways 5a-5n and the Internet
gateway from the remote maintenance device 4, It is in the IP connection to a maintenance
object extension terminal being performed certainly.

[0088]Hereafter, this example of a method for attaining said first main point is explained with
reference to drawings below. There is this example of a method concerned in giving the local IP
address for VPNNAT dynamically to VPNNAT110 which carries out functional constitution into
the router section 11. The outline of the function which gives the local IP address for VPNNAT
dynamically to VPNNAT110 based on drawing 2 is explained.

[0089]First, the extension terminal 2a-2n name of a remote maintenance object terminal is
notified to the maintenance center 9 by **. ** The maintenance center 9 gives the local IP
address (10.0.0.1) for VPNNAT for VPN access corresponding to the extension terminal 2a-2n
name for remote maintenance by the server part 10 course of the ** style GW terminal 1 to
the ** style GW terminal 1. This is fundamentally performed at the time of a remote maintenance
demand.

[0090]Next, by **, the local IP address for VPNNAT and an extension terminals [ for remote
maintenance / 2a-2n ] IP address are assigned to static NAT 110. This is also performed to a
remote maintenance demand following on **. Next, the local IP address for VPNNAT is accessed
through the VPN tunnel 12 by ** at the time of remote
maintenance implementation. If it does so, as shown in **, packets will be transmitted to the
extension terminals 2a-2n for remote maintenance, and they will become accessible.
[0091]Thus, by giving the local IP address for VPNNAT dynamically, even if it does not assign 
the local IP address for VPNNAT statically a priori, Access to two or more ** style GW
terminals 1 can be simultaneously considered as operation, even when the subordinate's IP 
address overlaps. 

[0092]In advance of VPN construction, the maintenance center 9 chooses dynamically VPN 
gateway 5i with the resource of the empty of VPN from two or more VPN gateways 5a-5n of the 
subordinate hereafter as an example of a method which attains the 2nd main point, It is in 
carrying out setting-out grant of the global IP address of the VPN gateway installed in the router 
section 11 as an opposite host of VPN dynamically by notifying to the router section 11 of a ** 
style GW terminal. 

[0093] Hereafter, an outline is explained about six protocols for realizing this example of a 
method. Said notice processing of installation notifies the maintenance server 3 that the ** style 
GW terminal 1 was installed, It is main point to encipher and receive the common informations 
(Preshared Key of IPsec, a terminal authentication password (following, Secret (ID2)) etc.) for
remote maintenance from the maintenance server 3.

[0094]In order to realize said main point, it is also the big purpose also within the notice
processing of installation to build VPNNAT110 to the server part 10 and the router section 11 of
the ** style GW terminal 1 in this example of a method. 

[0095]Said VPNGW address request processing chooses dynamically VPN gateway 5i with the 
resource of the opening of VPN from VPN gateways 5a-5n of maintenance center 9
subordinate's plurality [ server / 3 / maintenance ], It notifies to the ** style GW terminal 1 by
making the global IP address of the VPN gateway 5i into the notice response of a VPN gateway,
It is also big main point in this method that the ** style GW terminal router section 11 sets up
considering the global IP address of notified VPN gateway 5i as an opposite host of VPN.
[0096]Said remote maintenance request process makes it main point to require implementation 
of the remote maintenance by IPsec of the maintenance server 3. Let the maintenance object 
terminals corresponding to a remote maintenance request process be ** style GW terminal 1 
main part and the extension terminals 2a-2n. In order to realize main point, in this example of a 
method, big main point also builds VPNNAT110 also within a remote maintenance request 
process to the server part 10 of the ** style GW terminal 1, and extension terminals 2a-2n other
than router section 11.

[0097]Said remote maintenance end processing makes it main point to tell that remote
maintenance was actually completed using the remote maintenance device 4 to the target **
style GW terminal 1.

[0098]Said VPNNAT110 release processing is aimed at releasing VPNNAT110 about the server
part 10 of the ** style GW terminal 1 which remote maintenance ended, and extension terminals
2a-2n other than router section 11. Thereby, effective use of the local IP address resources for
VPNNAT is attained so that it may state to a next effect. VPN end processing makes it main 
point to end an IPsec session. 
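
Added example (not part of the patent text or the applicant's program): a Python model of the dynamic VPNNAT address grant of [0089]-[0091], the VPN gateway selection of [0092] and [0095], and the release of [0098]. The class names, the 10.0.0.0/29 pool and the 203.0.113.x gateway addresses are assumptions constructed for illustration; only the address 10.0.0.1 appears in the text.

```python
import ipaddress
from collections import Counter


class MaintenanceCenter:
    """Center side: leases VPNNAT addresses and picks a VPN gateway per GW terminal."""

    def __init__(self, vpnnat_pool, gateway_capacity):
        # Constructed values: the pool CIDR and the gateway addresses are assumptions.
        self._free = [str(h) for h in ipaddress.ip_network(vpnnat_pool).hosts()]
        self._leases = {}                         # (terminal_id, ext_name) -> VPNNAT address
        self._capacity = dict(gateway_capacity)   # gateway global IP -> max tunnels
        self._tunnels = {}                        # terminal_id -> gateway global IP

    def select_gateway(self, terminal_id):
        """VPNGW address request: return the gateway with the most free tunnel slots."""
        if terminal_id in self._tunnels:          # tunnel already assigned, reuse it
            return self._tunnels[terminal_id]
        used = Counter(self._tunnels.values())
        gateway, free = max(((g, c - used[g]) for g, c in self._capacity.items()),
                            key=lambda item: item[1])
        if free <= 0:
            raise RuntimeError("no VPN gateway has a free VPN resource")
        self._tunnels[terminal_id] = gateway
        return gateway

    def lease(self, terminal_id, ext_name):
        """Remote maintenance request: grant an address unique across all sites."""
        key = (terminal_id, ext_name)
        if key not in self._leases:
            if not self._free:
                raise RuntimeError("VPNNAT address pool exhausted")
            self._leases[key] = self._free.pop(0)
        return self._leases[key]

    def route(self, vpnnat_addr):
        """Return (terminal_id, gateway) whose tunnel carries this VPNNAT address."""
        for (terminal_id, _), addr in self._leases.items():
            if addr == vpnnat_addr:
                return terminal_id, self._tunnels.get(terminal_id)
        return None                               # no lease: packet is not sent into any tunnel

    def release(self, terminal_id, ext_name):
        """VPNNAT release; VPN end processing once the terminal has no leases left."""
        addr = self._leases.pop((terminal_id, ext_name))
        self._free.append(addr)                   # back of the queue, so reuse is delayed
        if not any(t == terminal_id for t, _ in self._leases):
            self._tunnels.pop(terminal_id, None)
        return addr


class GatewayTerminal:
    """GW terminal side: a static NAT entry exists only while maintenance is requested."""

    def __init__(self, terminal_id, extension_hosts):
        self.terminal_id = terminal_id
        self._hosts = dict(extension_hosts)       # extension terminal name -> real local IP
        self.static_nat = {}                      # VPNNAT address -> real local IP
        self.vpn_peer = None                      # opposite host of the VPN

    def request_maintenance(self, center, ext_name):
        real_ip = self._hosts[ext_name]           # unknown name raises before anything is exposed
        self.vpn_peer = center.select_gateway(self.terminal_id)
        vpnnat_addr = center.lease(self.terminal_id, ext_name)
        self.static_nat[vpnnat_addr] = real_ip
        return vpnnat_addr

    def forward_from_tunnel(self, dst_addr):
        """Translate a tunnel packet's destination; None means the packet is dropped."""
        return self.static_nat.get(dst_addr)

    def handle_release(self, center, ext_name):
        vpnnat_addr = center.release(self.terminal_id, ext_name)
        self.static_nat.pop(vpnnat_addr, None)
        if not self.static_nat:                   # last entry gone: the tunnel is torn down
            self.vpn_peer = None


def demo():
    center = MaintenanceCenter("10.0.0.0/29", {"203.0.113.10": 1, "203.0.113.20": 2})
    # Two sites whose LANs use the same private address for the target PC.
    site_a = GatewayTerminal("GW-A", {"pc1": "192.168.0.10"})
    site_b = GatewayTerminal("GW-B", {"pc1": "192.168.0.10"})
    addr_a = site_a.request_maintenance(center, "pc1")
    addr_b = site_b.request_maintenance(center, "pc1")
    during = {
        "addr_a": addr_a, "addr_b": addr_b,
        "route_a": center.route(addr_a), "route_b": center.route(addr_b),
        "real_a": site_a.forward_from_tunnel(addr_a),
        "real_b": site_b.forward_from_tunnel(addr_b),
    }
    site_a.handle_release(center, "pc1")
    after = {
        "route_a": center.route(addr_a),
        "real_a": site_a.forward_from_tunnel(addr_a),
        "peer_a": site_a.vpn_peer,
        "route_b": center.route(addr_b),
    }
    return during, after


if __name__ == "__main__":
    for stage in demo():
        print(stage)
```

Because forward_from_tunnel drops any destination without a live static NAT entry, the center side can reach only those extension terminals for which a maintenance request is outstanding.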

[0099](An example program, the example of a recording medium) The example program and the 
example of a recording medium for carrying out this example of a method are explained per 
drawing. The flow of each commo data is shown using whole remote maintenance process flow 
drawing 3 - drawing 9. "->" of each figure The notice processing of installation, VPNGW address 
request processing, a remote maintenance request process, It is the procedure and the flow of
procedure which showed command sending out and reception in a communication sequence of 
remote maintenance end processing, VPNNAT release processing, VPN end processing, and 
failure information processing in the case. 

[0100]Processing carries out an opportunity [ operation of ** style GW terminal 1 installer ] only
once at the time of ** style GW terminal 1 installation, ** installation notice commands (terminal
ID and a public key.) of the notice processing of installation shown in drawing 3 The original text,
the notice response of MAC->** installation (and) [ encryption ] Encryption Secret ID2, an
encryption maintenance-man password, the local IP address for VPNNAT for encryption server
parts, The local IP address for VPNNAT for encryption router sections and local IP address
router setting out for VPNNAT for encryption router sections (VPNNAT110, encryption
Preshared Key) are performed. 

[0101]Then, an extension terminal 2a-2n user (the following, user) receives the maintenance
center 9 (the following, center) from the ** style GW terminal 1, When extension terminals [ 2a-2n ]
remote maintenance was required, whenever it planned, every, it carries out an opportunity
[ an extension terminal users operation ], **VPNGW address request command (terminal ID.) of
the VPNGW address request shown in drawing 4 Public key, original text, and MAC->**VPNGW
selection process ->**VPNGW address request response (VPN gateway global IP address) 
router setting out (VPN gateway global IP address) is performed. 

[0102]Next, triggered by the end of processing of a VPNGW address request, the remote maintenance
demand shown in drawing 5 is performed. ** remote maintenance demand command (terminal ID,
extension terminal 2a-2n person, ** style GW terminal global address, a claimant level,
urgency, a claimant name, a telephone number, and the routing configuration ->**IPsec setting
processing remote maintenance demand response for the local IP addresses for local IP
address quota processing ->**VPNNAT for request content ->**VPNNAT (an extension
terminal 2a-2n person.) VPNNAT110 setting out of the local IP address for VPNNAT and the
local IP address for number-of-acceptance ->**VPNNAT is performed.

[0103]In the center 9, the operator checks for reception of remote maintenance demands at any time
from the remote maintenance device 4. Each time the operator wishes to carry out remote
maintenance for a remote maintenance request, the ** remote maintenance implementation shown in
drawing 6 is performed by operation of the operator.
[0104]In the center 9, each time the remote maintenance for a remote maintenance request is
completed, the remote maintenance end processing shown in drawing 7 is performed by operation of
the operator: ** remote maintenance quit command (number of acceptance) -> ** end response of
remote maintenance.

[0105]After remote maintenance end processing, by judgment of the maintenance server 3 if needed,
the VPNNAT release processing shown in drawing 8 is performed automatically. The **VPNNAT110
release command (extension terminal 2a-2n person) local IP address VPNNAT reset
->**VPNNAT110 release response for ->**VPNNAT -> the object for **VPNNAT local IP address
routing configuration release for IP address translation processing ->**VPNNAT is performed.

[0106]After the end of VPNNAT110 release, by judgment of the maintenance server 3 if needed, the
end of VPN shown in drawing 9 is performed automatically. The routing initialization ->**IPsec
reset for end response ->**VPNNAT of local IP address initialization setting-out ->**VPN for
local IP addresses for **VPN quit-command ->**VPNNAT is performed.

[0107]The above is an outline of the whole flow. The process flows of the ** style GW terminal 1
and of the maintenance center 9, when attention is paid to one ** style GW terminal, are shown in
the flow charts of drawing 10 and drawing 11.

[0108]Namely, in the ** style GW terminal 1 side flow chart shown in drawing 10, the notice STc of
installation is carried out by going through STa->STb in order; the remote maintenance end
processing STh goes through STd->STe from the notice STc of installation; the VPNNAT release
processing STi goes through STd->STe->STf from the notice STc of installation; the VPN end
processing STj goes through STd->STe->STf->STg from the notice STc of installation; the failure
information STn goes through STd->STk->STl from the notice STc of installation; the VPNGW address
request STo goes through STd->STk from the notice STc of installation, or follows directly from
the failure information STn; and the remote maintenance demand STm goes through STd->STk->STo from
the notice STc of installation, or goes through STd->STk->STl->STn->STo. Each is carried out in
this way, and repetition occurs in between as needed.

[0109]In the center 9 side flow chart (** style GWID=N) shown in drawing 11, VPNGW address request
processing ST16 goes through ST1->ST2->ST3, the notice processing ST6 of installation goes through
ST1->ST2->ST3->ST15, the remote maintenance request process ST7 goes through
ST1->ST2->ST3->ST15->ST4, and failure information processing ST8 goes through
ST1->ST2->ST3->ST15->ST4->ST5, each in order.

[0110]The end ST9 of remote maintenance goes through ST1->ST2; the VPNNAT release ST12 goes
through ST10->ST11 from the end ST9 of remote maintenance; and the end ST14 of VPN goes through
ST13 from the VPNNAT release ST12. Each is carried out in this way, and repetition occurs in
between as needed. The failure information shown in drawing 26 is notified at the time of a
failure occurrence, but since it is processing independent of the whole flow, it is not described
in detail here.

[0111][Preconditions for remote maintenance implementation] In order to carry out this example of
an embodiment, the following preconditions are required.

(1) ******** information (hereafter, Secret (ID)) is shared between the maintenance server 3 and
the terminal 1 a priori. Secret (ID) is embedded in ROM etc. of the terminal 1 at the time of
shipment and is shared with the maintenance server 3. Secret (ID) is assumed to be common to all
the terminals 1 for which the maintenance server 3 performs remote maintenance.

[0112](2) The router section 11 of the terminal 1 has an IP-level VPN function, such as IPsec. For
the VPN session, it is configured a priori as the side that waits for the session (in the case of
IPsec, it is set up as responder). Dummy data is set as the Preshared key.

(3) VPN gateway 5 of the maintenance center 9 is configured a priori as the side that sets up the
session for a VPN session (in the case of IPsec, it is set up as an initiator).
[0113](4) VPN gateway 5 has a VPN function that is communication-compatible with the router
section 11 of the terminal 1.

(5) The router section 11 of the terminal 1 knows a priori, by the time of the notice of
installation, the global IP address (or Internet host name) at which the maintenance server 3 is
published. The connection setup to the Internet 6 should be completed.






[0114](6) Various settings are made to the router section 11 from the router setting processing
part 102 by a remote console (hereafter, telnet) or interprocess communication (socket
communication etc.).

(7) Various settings are made to the setting command receiving processing part 51 of VPN
gateway 5 from the VPN gateway setting processing part 32 of the maintenance server 3 by
telnet or interprocess communication (socket communication etc.).

[0115](8) The maintenance server 3 has a VPNNAT110DB. The table comprises two or more records
keyed by the local IP address for VPNNAT, and has, as the field, the ** style GW terminal ID /
terminal name to which the address is assigned.

(9) The ** style GW terminal 1 has a host table. The table comprises two or more records keyed by
an extension terminal 2a-2n person, and has a real IP address and a local IP address for VPNNAT as
the fields. In the initial state, the host table is empty.
[0116](10) A plurality of VPNGW5 (5a-5n) may exist for the maintenance server 3. One VPNGW5 can
form two or more VPN tunnels 12, up to the number the VPNGW5 permits.
(11) The maintenance server 3 has a VPNGW tunnel table. The table comprises two or more records
keyed by the IP address and VPN tunnel number of VPN gateway 5, and has, as the value of the
field, the ** style GWID to which the tunnel is assigned.

[0117][Explanation of a processing sequence] The procedure of each processing is explained in
detail below using drawing 3 - drawing J5, and drawing 12 - drawing 25. The number n-n (n is an
arbitrary natural number) given at the left of the text corresponds to the step number in the
figures.

[0118]<Notice processing of installation> As shown in drawing 3, drawing 12 and drawing 13, the
purpose of the notice of installation is to notify the maintenance server 3 that the terminal 1
was installed, and to receive from the maintenance server 3, in enciphered form, the common
information for remote maintenance (the IPsec PresharedKey, the terminal 1 authentication password
(hereafter, Secret (ID2)), and a maintenance-man password), and to set it up.

[0119]Secret (ID2) is used instead of Secret (ID) for the terminal authenticating processing after
the notice processing of installation because using Secret (ID2) strengthens security compared
with Secret (ID), which is common to all the terminals 1. When building a VPN, the private IP
addresses under each ** style GW terminal 1 may duplicate one another, so VPNNAT processing is
performed to avoid this. The 2nd purpose is to receive from the maintenance server 3 the dummy
private IP address for VPN used for that (hereafter, local IP address for VPNNAT).

[0120]** Installation notice commands (terminal server part 10 -> maintenance center 9)
(Communication trigger) 1-1 After terminal 1 installation ends, when the connection setup of the
router section 11 to the Internet 6 is completed, the notice is started by pressing a button on
the server part 10. The notice of installation needs to be performed only once.
[0121](Terminal pre-processing) 1-2 The command sending-out treating part 103 of the server
part 10 generates a secret key and a public key. Public key encryption, such as RSA, is used as
the algorithm.

1-3 Create the original text for authentication from "unique ID + time stamp of the terminal 1."
1-4 Generate the message authentication code (MAC) for the original text using Secret (ID) (being
based on ISO9797-1 and ISO9797-2 is desirable).

[0122](Command transmission processing) 1-5 With terminal ID, the public key, the original text,
and MAC as parameters, the installation notice command is transmitted as a <non-IPsec session> by
the http command from the terminal 1 (server part 10 / command sending-out treating part 103) to
the maintenance server 3 (http server part 30).

[0123]** Notice response of installation (maintenance server 3 -> terminal server part 10)
(Maintenance server process) 1-6 The http server part 30 of the maintenance server 3 passes the
received command name and parameters to the CGI treating part 31. The CGI treating part 31
generates the message authentication code (MAC) for the original text using Secret (ID) (the same
operation as the terminal 1) and checks that it agrees with the received MAC (terminal
authentication).
[0124]1-7 The CGI treating part 31 generates the authentication key of IPsec (Preshared Key) and
Secret (ID2) at random, acquires a maintenance-man password from a configuration file, newly
creates the record corresponding to terminal ID in terminal 1 DB (overwriting it when it already
exists), and holds these values in the fields of that record.

[0125]1-8 The CGI treating part 31 chooses from VPNNATDB91 two vacant local IP addresses for
VPNNAT, one for the server part 10 and one for the router section 11. While holding the ** style
GW terminal ID / terminal name in the quota situation field of the applicable records, it holds
the local IP addresses for VPNNAT in the server part 10 local IP address for VPNNAT field and the
router section 11 local IP address for VPNNAT field of terminal 1 DB.
[0126]1-9 The CGI treating part 31 enciphers the authentication key (Preshared Key) of IPsec,
Secret (ID2), the maintenance-man password, and the local IP addresses for VPNNAT for the server
part 10 and the router section 11 with the public key of the ** style GW terminal 1.
[0127](Response transmitting processing) 1-10 The http server part 30 of the maintenance server 3
receives from the CGI treating part 31 data whose parameters are the status (normal or error
statuses (abnormalities in authentication, etc.)), the authentication key of IPsec (Preshared Key)
enciphered by the public key of the terminal 1, Secret (ID2) enciphered by the public key of the
terminal 1, the maintenance-man password enciphered by the public key of the terminal 1, the local
IP address for VPNNAT for the server part enciphered by the public key of the terminal 1, and the
local IP address for VPNNAT for the router section enciphered by the public key of the terminal 1,
and transmits a response as an http response <non-IPsec session> from the maintenance server 3
(http server part 30) to the terminal 1 (server part 10 / command sending-out treating part 103).

[0128]** VPNNAT110 setting of the server part 10 and the router section 11 (terminal
server part 10 -> terminal router section 11)

(Terminal post-processing) 1-11 The terminal server part 10 decrypts, with the secret key of the
terminal 1, the authentication key (Preshared Key) of IPsec, Secret (ID2), the password for
maintenance men, the local IP address for VPNNAT for the server part, and the local IP address for
VPNNAT for the router section, and holds them.

[0129]1-12 The terminal server part 10 creates the setting command (which varies with the
implementation of the telnet command of the router section 11) for the Preshared Key with VPN
gateway 5 as the IPsec object host, the local IP address for VPNNAT for the server part, and the
local IP address for VPNNAT for the router section. At this time, a dummy value is set as the
address of the VPN gateway.

[0130](Command transmission processing) 1-13 With the command created in pre-processing as the
parameter, the command is sent out as a telnet command <local network session> from the terminal 1
(router setting processing part 102) to the terminal 1 (router section 11).

(Terminal router section processing) 1-14 The received settings of the Preshared Key and of
VPNNAT110 are written into the router section 11.

[0131](Response transmitting processing) 1-15 With the status (normal or error statuses
(abnormalities in a command, etc.)) as the parameter, a response is transmitted as a telnet
response <non-IPsec session> from the terminal 1 (router section 11) to the terminal 1 (server
part 10 / command sending-out treating part 103).

(Terminal router setting part post-processing) None.
The notice processing of installation is completed by the above.
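
The terminal authentication of steps 1-3 to 1-7 above, as an added Python example that is not part of the patent text. HMAC-SHA-256 as the MAC, the "|" separator in the original text, the 300-second freshness window and the check that the terminal ID parameter matches the original text are assumptions; the public-key encipherment of the response (step 1-9) is left out, so the generated secrets stay in the server-side record.

```python
import hashlib
import hmac
import secrets

SECRET_ID = b"constructed-demo-secret"  # constructed value standing in for Secret (ID)
MAX_SKEW = 300                          # seconds; assumed freshness window


def original_text(terminal_id: str, timestamp: int) -> bytes:
    """Step 1-3: original text = unique ID + time stamp (separator is an assumption)."""
    return f"{terminal_id}|{timestamp}".encode("utf-8")


def mac(secret: bytes, text: bytes) -> bytes:
    """Step 1-4: MAC over the original text (HMAC-SHA-256 is an assumption)."""
    return hmac.new(secret, text, hashlib.sha256).digest()


def installation_notice(terminal_id: str, public_key: str, now: int) -> dict:
    """Step 1-5: parameters of the installation notice command."""
    text = original_text(terminal_id, now)
    return {"terminal_id": terminal_id, "public_key": public_key,
            "original_text": text, "mac": mac(SECRET_ID, text)}


class MaintenanceServer:
    def __init__(self, secret_id: bytes):
        self.secret_id = secret_id
        self.terminal_db = {}  # terminal ID -> record (step 1-7)

    def handle_installation_notice(self, cmd: dict, now: int) -> dict:
        # Step 1-6: recompute the MAC and compare in constant time.
        expected = mac(self.secret_id, cmd["original_text"])
        if not hmac.compare_digest(expected, cmd["mac"]):
            return {"status": "error", "reason": "authentication"}
        try:
            claimed_id, ts = cmd["original_text"].decode("utf-8").rsplit("|", 1)
            ts = int(ts)
        except (UnicodeDecodeError, ValueError):
            return {"status": "error", "reason": "malformed original text"}
        # Assumption: the authenticated text must name the same terminal
        # as the unauthenticated terminal ID parameter.
        if claimed_id != cmd["terminal_id"]:
            return {"status": "error", "reason": "terminal ID mismatch"}
        # Assumption: reject time stamps outside the freshness window.
        if abs(now - ts) > MAX_SKEW:
            return {"status": "error", "reason": "stale time stamp"}
        # Step 1-7: random Preshared Key and Secret (ID2); an existing
        # record for the same terminal ID is overwritten.
        self.terminal_db[claimed_id] = {
            "preshared_key": secrets.token_bytes(32),
            "secret_id2": secrets.token_bytes(32),
            "public_key": cmd["public_key"],
        }
        return {"status": "normal"}
```
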

[0132]<Failure information processing> As shown in the sequence diagram of drawing 26 and the
procedure figure of the process flow of drawing 27, failure information processing detects that
the terminal 1 has broken down and notifies the maintenance server 3 of it. The terminal 1 (server
part 10) continuously monitors the occurrence of and recovery from failures of the server part 10
and the router section 11 of the terminal 1, and starts failure information processing if a
failure occurs. That is, the failure information processing ** failure information command
(terminal ID, original text, MAC, failure code) -> ** failure information response -> ** remote
maintenance demand starting is performed.

[0133](Communication trigger) 7-1 When a failure occurrence is detected at the terminal 1, the
terminal 1 carries it out autonomously.

(Terminal pre-processing) 7-2 The original text for authentication is created from "unique ID +
time stamp of the terminal 1."

7-3 Generate the message authentication code (MAC) for the original text using Secret (ID2) (being
based on ISO9797-1 and ISO9797-2 is desirable).

[0134](Command transmission processing) 7-4 With terminal ID, the original text, MAC, and the
failure code as parameters, a failure information command is transmitted as a <non-IPsec session>
by the http command from the terminal 1 (server part 10 / command sending-out treating part 103)
to the maintenance server 3 (http server part 30).

[0135](Maintenance server process) 7-5 The http server part 30 of the maintenance server 3
passes the received command name and parameters to the CGI treating part 31. The CGI treating
part 31 generates the message authentication code (MAC) for the original text using Secret (ID2)
(the same operation as the terminal 1) and checks that it agrees with the received MAC (terminal
authentication).
7-6 The CGI treating part 31 holds the received failure code.

[0136](Response transmitting processing) 7-7 The http server part 30 of the maintenance server 3
receives from the CGI treating part 31 data whose parameter is the status (normal or error
statuses (abnormalities in authentication, etc.)), and transmits a response as an http response
<non-IPsec session> from the maintenance server 3 (http server part 31) to the terminal 1 (server
part 10 / command sending-out treating part 103).
[0137](Terminal post-processing) 7-8 VPNGW address request processing is started.
It is desirable that the failure code held by failure information processing can be referred to by
http access etc. from the remote maintenance device 4 (failure confirming processing).
[0138]<VPNGW address request processing> As shown in the sequence diagrams of drawing 4 and
drawing 14 and the process flow procedure of drawing 15, the main point of a VPNGW address request
is to notify the ** style GW terminal 1 of the address of VPN gateway 5i of the maintenance
center 9 chosen by the maintenance server 3. A VPNGW address request is basically issued when a
remote maintenance demand from the extension terminals 2a-2n is registered at the ** style GW
terminal 1, but a terminal administrator can also issue a VPNGW address request by pressing a
button on the main body of the ** style GW terminal 1.

[0139]** VPNGW address request command (terminal server part 10 -> maintenance server 3)
(Communication trigger)

9-1 It is triggered by WEB access to the ** style GW terminal 1 from the extension terminals
2a-2n, or by a terminal administrator pressing the button on the ** style GW terminal 1.

[0140](Terminal pre-processing)

9-2 When started by browser access from the extension terminals 2a-2n, "the claimant name, the
claimant level, the extension terminal name (multiple entries are allowed), the urgency, telephone
number, and request content," which are the information required for a remote maintenance demand,
are entered from the browser, acquired, and held as remote maintenance information. The screen
image is as in the browser picture. When started by pressing the button of the ** style GW
terminal 1, "a claimant name, a claimant level, a terminal name, urgency, a telephone number, and
a request content" are acquired from the table registered a priori, and are held. The claimant
level can be set to general or administrator. The extension terminal name is the name of the
extension terminal to be made the remote maintenance object; the other information is used by the
user who started the remote maintenance demand to convey their intention to the operator of the
maintenance center 9 who is asked to carry out the remote maintenance.

[0141]9-3 The command sending-out treating part 103 of the server part 10 generates a secret
key and a public key. Public key encryption, such as RSA, is used as the algorithm.

9-4 Generate the original text for authentication from "unique ID + time stamp of a terminal."

9-5 Generate the message authentication code (MAC) for the original text using Secret (ID2). Being
based on ISO9797-1 and ISO9797-2 is desirable.

[0142](Command transmission processing)

9-6 Transmit a remote maintenance demand command as a <non-IPsec session> by the http
command from the terminal 1 (server part 10 / command sending-out treating part 103) to the
maintenance server 3 (http server part 30), with terminal ID, the original text, MAC, and a
public key as parameters.

[0143]** VPNGW selection process (maintenance server treating part)

9-7 The http server part 30 of the maintenance server 3 passes the received command name and
parameters to the CGI treating part 31. The CGI treating part 31 generates the message
authentication code (MAC) for the original text using Secret (ID2) (the same operation as the
terminal 1) and checks that it agrees with the received MAC (terminal authentication).

[0144]9-8 The maintenance server 3 reads the VPNGW tunnel DB, searches the quota situation of the
tunnels in the VPNGW tunnel DB from the head, and acquires a tunnel number whose field value is
"unused." The field corresponding to the acquired tunnel number is rewritten from "unused" to
"terminal ID," and the corresponding VPNGW global IP address is acquired. Hereafter, the VPNGW
corresponding to this global IP address is referred to as "5i." The selection process for the VPN
gateways 5a-5n shown here is one of the features of this invention.

[0145]9-9 Encipher the above "VPNGW global IP address," which is a parameter of the response, with
the received public key.

[0146]** VPNGW address request response (maintenance server 3 -> terminal server part 10)
(Response transmitting processing)

9-10 The http server part 30 of the maintenance server 3 receives from the CGI treating part 31
data whose parameters are the status (normal or error statuses (abnormalities in authentication,
etc.)) and the VPNGW global IP address enciphered by the public key of the terminal 1, and
transmits a response as an http response <non-session> from the maintenance server 3 (http server
part 30) to the terminal 1 (server part 10 / command sending-out treating part 103).

[0147]** VPNGW address request response receiving post-processing (terminal server part 10 ->
terminal router section 11)
(Terminal pre-processing)

9-11 The terminal server part 10 decrypts the VPNGW global IP address with the secret key of the
terminal 1 and holds it.

[0148]9-12 The terminal server part 10 creates the command (which varies with the implementation
of the telnet command of the router section 11) for setting up the VPNGW global IP address as the
VPN opposite host.

9-13 With the command created in pre-processing as the parameter, send out the command as a telnet
command <local network session> from the terminal 1 (router setting processing part 102) to the
terminal 1 (router section 11).
[0149](Terminal router section processing)

9-14 Write the setting that makes the VPNGW global address the VPN opposite host into the router
section 11.

(Response transmitting processing)

9-15 With the status (normal or error statuses (abnormalities in a command, etc.)) as the
parameter, transmit a response as a telnet response <non-IPsec session> from the terminal 1
(router section 11) to the terminal 1 (server part 10 / command sending-out treating part 103).
[0150](Terminal router setting part post-processing)
9-16 Start a remote maintenance request process.

VPNGW address request processing is completed by the above. This processing is one of the points
of the invention.

[0151]<Remote maintenance request process> As shown in the sequence diagram and the process flow
procedure figures of drawing 5, drawing 16, or drawing 19, the main point of a remote maintenance
request process is to request the maintenance server 3 to carry out remote maintenance by IPsec.
[0152]Another main point of the remote maintenance request process is to notify the center 9 of
the IP address of the ** style GW terminal 1 needed for building the VPN. A remote maintenance
demand is made over the http protocol, and the maintenance server 3 acquires the IP address of the
** style GW terminal 1 from the environment variable. Based on that IP address, a VPN key and the
terminal IP address are set up in VPN gateway 5i of the maintenance center 9.
[0153]When building the VPN, in order to enable IP-level communication with the extension
terminals 2a-2n under each ** style GW terminal 1, the local IP address for VPNNAT for the
extension terminals 2a-2n that are the object of remote maintenance is acquired from the center 9,
and VPNNAT processing is performed.

[0154]By performing VPNNAT processing, even when maintenance is performed on two or more ** style
GW terminals 1 whose subordinate local LANs have the same address (for example, when there are two
** style GW terminals 1 to be maintained and both have 192.168.0.0/24 as their local network), an
environment can be built in which the ** style GW terminals 1 and their subordinate extension
terminals 2a-2n are IP-reachable from an operator terminal of the maintenance center 9.
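
The tunnel selection of step 9-8 and the VPNNAT addressing of [0154], as an added Python example that is not part of the patent text: two gateways both use 192.168.0.10 behind them, yet each terminal gets a distinct local IP address for VPNNAT. The pool 10.200.0.0/29, the gateway IDs, the terminal names and all class and function names are constructed for illustration.

```python
import ipaddress


class VpnNatDb:
    """Server side: one record per local IP address for VPNNAT (None = vacant)."""

    def __init__(self, pool_cidr):
        self.records = {ip: None for ip in ipaddress.ip_network(pool_cidr).hosts()}

    def assign(self, gw_id, terminal_name):
        owner = (gw_id, terminal_name)
        for ip, held_by in self.records.items():
            if held_by == owner:      # already assigned: reuse the address
                return ip
        for ip, held_by in self.records.items():
            if held_by is None:       # first vacant record
                self.records[ip] = owner
                return ip
        raise RuntimeError("no vacant local IP address for VPNNAT")

    def release(self, gw_id, terminal_name):
        for ip, held_by in self.records.items():
            if held_by == (gw_id, terminal_name):
                self.records[ip] = None

    def owner_of(self, nat_ip):
        return self.records.get(ipaddress.ip_address(nat_ip))


class HostTable:
    """Gateway side: terminal name -> (real IP, local IP address for VPNNAT)."""

    def __init__(self):
        self.rows = {}  # empty in the initial state

    def set(self, name, real_ip, nat_ip):
        self.rows[name] = (ipaddress.ip_address(real_ip),
                           ipaddress.ip_address(nat_ip))

    def reset(self, name):
        self.rows.pop(name, None)

    def to_real(self, nat_ip):
        nat_ip = ipaddress.ip_address(nat_ip)
        for real, nat in self.rows.values():
            if nat == nat_ip:
                return real
        return None  # no mapping: nothing behind this gateway is addressed


class TunnelTable:
    """Server side: (VPNGW global IP, tunnel number) -> gateway ID (None = unused)."""

    def __init__(self, slots):
        self.slots = {slot: None for slot in slots}

    def select(self, gw_id):
        for slot, held_by in self.slots.items():  # search from the head
            if held_by is None:
                self.slots[slot] = gw_id
                return slot
        raise RuntimeError("no unused VPN tunnel")


def reach(db, host_tables, nat_ip):
    """Resolve a VPNNAT address to (gateway ID, real address behind that gateway)."""
    owner = db.owner_of(nat_ip)
    if owner is None:
        return None
    gw_id, _name = owner
    real = host_tables[gw_id].to_real(nat_ip)
    return (gw_id, str(real)) if real is not None else None


def demo():
    """Two gateways with the same subordinate network 192.168.0.0/24."""
    db = VpnNatDb("10.200.0.0/29")
    tables = {"GW-A": HostTable(), "GW-B": HostTable()}
    assigned = {}
    for gw_id in tables:
        nat_ip = db.assign(gw_id, "pc1")
        tables[gw_id].set("pc1", "192.168.0.10", nat_ip)
        assigned[gw_id] = str(nat_ip)
    return db, tables, assigned
```

Releasing an address in the server table without resetting the gateway's host table would leave a stale mapping, which is why the release path clears both.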

[0155]** Remote maintenance demand command (terminal server part 10 -> maintenance server 3)

(Communication trigger) 2-1 It is started after the end of processing of a VPNGW address
request.

[0156](Terminal pre-processing) 2-2 The remote maintenance information held by the VPNGW
address request is acquired.

[0157]2-3 The command sending-out treating part 103 of the server part 10 generates a secret
key and a public key. Public key encryption, such as RSA, is used as the algorithm.
2-4 Create the original text for authentication from "unique ID + time stamp of the terminal 1."
[0158]2-5 Generate the message authentication code (MAC) for the original text using Secret (ID2)
(being based on ISO9797-1 and ISO9797-2 is desirable).

2-6 Among the parameters to be notified to the maintenance center 9, encipher "a claimant name, an
extension terminal name, a telephone number, and a request content" with Secret (ID2) currently
held at the ** style GW terminal 1.

[0159](Command transmission processing) 2-7 With terminal ID, the original text, MAC, a public
key, a claimant level, urgency, an encrypted claimant name, an encrypted extension terminal name
(multiple entries are allowed), an encrypted telephone number, and an encrypted request content as
parameters, a remote maintenance demand command is transmitted as a <non-IPsec session> by the
http command from the terminal 1 (server part 10 / command sending-out treating part 103) to the
maintenance server 3 (http server part 30).

[0160]** Local IP address quota processing for VPNNAT (maintenance server process) 2-8 The
http server part 30 of the maintenance server 3 passes the received command name and parameters to
the CGI treating part 31. The CGI treating part 31 generates the message authentication code (MAC)
for the original text using Secret (ID2) (the same operation as a terminal) and checks that it
agrees with the received MAC (terminal authentication).
[0161]2-9 The CGI treating part 31 generates a number of acceptance, newly creates a record in
remote maintenance demand DB92, and holds the number of acceptance, the receipt time, and the
maintenance state (at this point always waiting to be handled) in terminal DB90 of a maintenance
terminal browser. As the table name, it holds "administrator" when the claimant level is
administrator, and the extension terminal 2a-2n person when the claimant level is general. The
record of terminal DB90 is shown in drawing 26.

[0162]2-10 The CGI treating part 31 acquires the global IP address of the ** style GW terminal
1 from environment variable REMOTE_ADDR, and holds it on the record of said remote
maintenance demand DB92.

2-11 The CGI treating part 31 holds terminal ID, a claimant level, and urgency on the record of
said remote maintenance demand DB92.

[0163]2-12 The CGI treating part 31 decrypts the encrypted extension terminal name, the encrypted
claimant name, the encrypted telephone number, and the encrypted request content with Secret
(ID2), and holds them on the record of said remote maintenance demand DB92. The
record of remote maintenance demand DB92 is shown in drawing 27.

[0164]2-13 The CGI treating part 31 searches VPNNATDB91 using the notified terminal ID /
extension terminal name as a key (when two or more terminal names exist, for each terminal name),
and judges whether a local IP address for VPNNAT is assigned to the terminal 1.

[0165]If a local IP address for VPNNAT is assigned, the assigned local IP address for VPNNAT
is held on the record of said remote maintenance demand DB92. If a local IP address for
VPNNAT is not assigned, a vacant local IP address for VPNNAT is chosen from VPNNATDB91.

[0166]While holding the ** style GW terminal ID / extension terminal name in the quota situation
field of the applicable record, the chosen local IP address for VPNNAT is held also on the record
of said remote maintenance demand DB92. The record of VPNNATDB91 is shown in drawing 30.
[0167]2-14 The CGI treating part 31 creates a page so that reception of the remote maintenance
demand can be shown on the WEB browser of the remote maintenance device 4. The displayed
information is a number of acceptance, terminal ID, a global IP address, a claimant name, a
claimant level, a telephone number, urgency, a request content, the receipt time, the local IP
address for VPNNAT, a table name, and a maintenance state (refer to drawing 29).
[0168]** Remote maintenance demand response processing (maintenance server 3 -> terminal
server part 10)
(Maintenance server part)

2-26 Among the response processing, encipher "the pair of an extension terminal name and a dummy
IP address" with the received public key.
(Response transmitting processing)

2-27 The http server part 30 of the maintenance server 3 receives from the CGI treating part 31
data whose parameters are the status (normal or error statuses (abnormalities in authentication,
etc.)), a number of acceptance, and the pair (multiple pairs are allowed) of the extension
terminal name and the local IP address for VPNNAT enciphered by the public key of the terminal 1,
and transmits a response as an http response <non-IPsec session> from the maintenance server 3
(http server part 30) to the terminal 1 (server part 10 / command sending-out treating part 103).

[0169]** IPsec processing-object packet setting (maintenance center 9 -> VPN gateway 5i)
(Command transmission processing)

2-15 The VPN gateway setting processing part 32 acquires the packet for local IP addresses for
VPNNAT held by processing of terminal ID and ** from the applicable record of the remote
maintenance demand DB.

2-16 With the setting (which varies with the implementation of the telnet command of VPN
gateway 5i) for assigning the packet for local IP addresses for VPNNAT to VPN tunnel 12
corresponding to terminal ID as the parameter, the VPN gateway setting processing part 32
transmits a command as a telnet command <local network session> from the maintenance server 3 (VPN
gateway setting processing part 32) to VPN gateway 5i (setting command receiving processing
part 51).

[0170](VPN gateway processing)

2-17 Write the setting for making the received local IP address for VPNNAT an IPsec
processing-object host into VPN gateway 5i.
(Response transmitting processing)

2-18 With the status (normal or error statuses (abnormalities in a command, etc.)) as the
parameter, a response is transmitted as a telnet response <local network session> from VPN
gateway 5i (setting command receiving processing part 51) to the maintenance server 3 (VPN
gateway setting processing part 32).

[0171](VPN gateway setting processing part post-processing)

2-19 The VPN gateway setting processing part 32 acquires from VPN gateway 5i whether a VPN is
established with the ** style GW terminal 1 having the terminal ID received in the "** remote
maintenance demand command."






2-20 From the VPN establishment situation of VPN gateway 5i, when VPN is established, end a 
process. When VPN is not established, **IPsec setting processing is started. 
[0172]** IPsec setting processing (maintenance center 9 -> VPN gateway 5i) 
(VPN gateway setting processing part pretreatment) 

2-21 Acquire the authentication key (PresharedKey) of IPsec, and the global IP address of the 
terminal router section 11 from the maintenance server 3/the CGI treating part 31, and generate 
a command. 

[0173](Command transmission processing) 

2-22 Setting out of the PresharedKey which made the global IP address of the terminal router 
section 11 the IPsec object host, and setting out for establishing VPN tunnel 12 corresponding 
to terminal ID (it changes with mounting of the telnet command of VPN gateway 5i), are made 
into a parameter, and a command is transmitted as a telnet command <local network session> 
from the maintenance server 3 (VPN gateway setting processing part 32) to VPN gateway 5i 
(setting command receiving processing part 51). 
[0174](VPN gateway processing) 

2-23 Write setting out for establishing Presharedkey and VPN tunnel 12 which were received in 
VPN gateway 5i. 

(Response transmitting processing) 

2-24 Status (normal or error statuses (abnormalities in a command, etc.)) is made into a 
parameter, A response is transmitted as a telnet response <local network session> from VPN 
gateway 5i (setting command receiving processing part 51) to the maintenance server 3 (VPN 
gateway setting processing part 32). 
[0175](Maintenance server post-processing) 

2-25 The VPN gateway setting processing part 32 acquires whether establishment of VPN is 
completed between the ** style GW terminals 1 with terminal ID which received by "** remote 
maintenance demand command" from VPN gateway 5i. When establishment is not completed, the 
same acquisition processing is repeated at intervals of several seconds until completion of 
VPN establishment is confirmed. When the completion of establishment of VPN is able to be 
checked, ** remote maintenance demand response processing is started. It is desirable for the 
state to be checkable from the remote maintenance device 4 at the stage at which VPN setting 
out is completed. The reason is that a maintenance man's working efficiency is better when 
the remote maintenance start indication can be given after checking that VPN setting out has 
been completed. 

[0176]** VPNNAT setting out of the server part 10 and the router section 11 (terminal server 
part 10 -> terminal router section 11) 
(Terminal treatment part) 

2-28 The terminal server part 10 which received the remote maintenance demand response 
holds a number of acceptance. 

2-29 The terminal server part 10 uses the secret key of the terminal 1 to decrypt the group (in 
the cases of two or more ****) of an extension terminal name and the local IP address for VPNNAT, 
and holds it to a host table. 

[0177]2-30 Using an extension terminal name as a key, the terminal server part 10 acquires the 
real IP address corresponding to the terminal name from the table (see by DNS etc.) of groups of 
extension terminal name and real IP address which the terminal server part 10 has, and creates 
the setting command (in the cases of two or more ****) (it changes with mounting of the telnet 
command of the router section 11) which matches the local IP address for VPNNAT and the real IP 
address corresponding to the terminal name by VPNNAT110. 
(Command transmission processing) 

2-31 Send out a command by making into a parameter the command created by 2-30 as a telnet 
command <local network session> from the terminal 1 (router setting processing part 102) to the 
terminal 1 (router section 11). 
[0178](Terminal router section processing) 

2-32 Write setting out of VPNNAT110 in the router section 11. 
(Response transmitting processing) 
2-33 Transmit a response as a telnet response <non-IPsec session> from the terminal 1 (router 
section 11) to the terminal 1 (server part 10 / command sending-out treating part 102) by 
making status (normal or error statuses (abnormalities in a command, etc.)) into a parameter. 
(Terminal router set part post-processing) The remote maintenance request process is completed 
by the above. 

[0179]As shown in the sequence diagram of <Remote maintenance implementation processing> 
(remote maintenance device 4 -> extension terminals 2a-2n) drawing 6, and the procedure 
flow chart of drawing 19, remote maintenance implementation processing follows said remote 
maintenance request process. Secure remote maintenance is performed from the remote 
maintenance device 4 to the style GW terminal 1 main part and its extension terminals 2a-2n via 
the tunnel 12 by VPN, such as IPsec (because it is carried out via VPN, the transmission line 
can be enciphered). Its main point is to carry out restoration of the failure of the terminal 1, 
remote installation of applications to a personal computer, etc. 

[0180]The remote maintenance device 4 is not special, and by sending out a command to the 
extension terminals 2a-2n on the local network 8, if it is a device which can maintain the 
extension terminals 2a-2n, it can divert it to some other purpose. As a function, about failure 
(for example, Proxy failure), restoration operation (starting of proxy, reboot of the terminal 1) is 
performed, and failure is restored. The display of the log of the terminal 1 and the check of 
setting out of the router section 11 can also be performed. As a tool, they are a http client (Web 
browser), a telnet tool, etc. 

[0181]About remote installation to a personal computer, it is based on remote-control software, 
such as VNC, etc. Therefore, since this processing is a general-purpose thing depending on the 
communications protocol from the remote maintenance device 4 to the extension terminals 2a- 
2n which perform a maintenance, it does not make reference in detail. 

[0182]Although it becomes a repetition, it is a point of this example of an embodiment to make 
connection with the extension terminals 2a-2n from the center 9 to the local IP address for 
VPNNAT given to the remote maintenance demand. 

[0183]** In the state where remote maintenance start processing (remote maintenance device 4 
-> maintenance server 3 (communication opportunity)) VPN tunnel 12 is stretched, From the 
WEB browser on the remote maintenance device 4 (maintenance terminal in a figure), it is 
started by a remote maintenance maintenance man's arbitrary opportunities (even when failure is 
detected by the failure confirming processing mentioned above, starting synchronizing with it is 
desirable). 

[0184](Remote maintenance start processing) 3-1 The remote maintenance demand 
confirmation screen of the maintenance server 3 is accessed, and it is notified to the 
maintenance server 3 by the CGI treating part 31 that the remote maintenance to the target 
remote maintenance demand was started. 

[0185](Server process) 3-2 If a remote maintenance start is started by the CGI treating part 31, 
the maintenance state of the applicable table of remote maintenance demand DB92 will become 
"under correspondence." 

[0186]** Remote maintenance implementation processing (remote maintenance device 4 -> 
extension terminals 2a-2n) 

(Remote maintenance operation) 3-3 Remote maintenance is carried out. In remote 
maintenance, an IP connection is performed via VPN to the local IP address for VPNNAT which 
received the remote maintenance demand. At the time of remote maintenance implementation, it 
is strongly recommended to design the user interface on the server side so that work is done 
while referring to remote maintenance demand DB92. 

[0187]As shown in the sequence diagram of <Remote maintenance end processing> drawing 7, 
and the procedure flow chart of drawing 20, the main point of remote maintenance end processing 
is to tell the ** style GW terminal 1 from the maintenance server 3 that the remote maintenance 
work demanded by the remote maintenance demand was completed. 
[0188]** Remote maintenance quit-command transmitting processing (maintenance server 3 -> 
terminal server part 10) 

(Communication opportunity) 4-1 In the state where VPN tunnel 12 is stretched, when the 
demanded remote maintenance work is completed, it is started from the WEB browser on the remote 
maintenance device 4 by the kick of the CGI treating part 31 by the remote maintenance 
maintenance man to the maintenance server 3. 

[0189](Server pretreatment) 4-2 If the end of remote maintenance is started by the CGI treating 
part 31, the maintenance state of the applicable table of remote maintenance demand DB92 will 
be "ended." The table record of remote maintenance demand DB92 is shown in drawing 31. 
[0190]4-3 When the maintenance server 3 detects that the maintenance state of the applicable 
table of remote maintenance demand DB92 has become "ended", the number of 
acceptance of the applicable table is acquired by making ********** into a parameter, and a 
remote maintenance quit command is created by using the number of acceptance as a parameter. 
This number of acceptance is also referred to in the VPNNAT110 release processing and VPN end 
processing explained later. 

[0191](Command transmission processing) 4-4 A remote maintenance quit command is 
transmitted as a <IPsec session> by making into a parameter the command created by 
pre-processing by the http command from the maintenance server 3 to the terminal 1 (http server 
part 100). 

[0192]** Remote maintenance quit-command reception (terminal server part 10 -> maintenance 
server 3) 

(Terminal server part processing) 4-5 If the end of remote maintenance is received, a number of 
acceptance will be extracted from a parameter and the state of the number of acceptance 
currently held will be considered as an end. 

[0193](Response transmitting processing) 4-6 The http server part 100 of the terminal 1 makes 
status (normal or error status) a parameter, and transmits a response as a http response <IPsec 
session> to the maintenance center 9 from the terminal 1 (http server part 100). 
[0194]** End response of remote maintenance receiving post-processing (maintenance server 3) 

(Server post-processing) 4-7 It judges whether all maintenances to the applicable extension 
terminals 2a-2n were completed after response reception, and processing will be ended if all 
maintenances to the applicable extension terminals 2a-2n are not completed. When all maintenances 
to the applicable extension terminals 2a-2n are completed, it is further judged whether the 
extension terminal that ended is the server part 10 or the router section 11 of the ** style GW 
terminal 1, and VPNNAT release processing is started when it is not the server part 10 or the 
router section 11 of the terminal 1. 

[0195]In the case of the server part 10 of the terminal 1, or the router section 11, it is judged 
whether all the remote maintenance to the corresponding ** style GW terminal 1 has ended; if it 
has all ended, VPN end processing will be started, and processing will be ended if it all has not 
ended. Above, remote maintenance end processing is completed. 

[0196]As shown in the sequence diagram of <VPNNAT release processing> drawing 8 and 
drawing 21, and the procedure flow chart of drawing 22, the main point of VPNNAT110 release 
processing is to release the local IP address for VPNNAT assigned to the remote 
maintenance demand by the ** style GW terminal 1 from the maintenance center 9. 
[0197]** VPNNAT110 release command transmission processing (maintenance server 3 -> 
terminal server part 10) 

(Communication opportunity) 5-1 In the state where VPN tunnel 12 is stretched, it is started 
when all maintenances to the applicable extension terminals 2a-2n are completed after the end of 
remote maintenance and the extension terminals 2a-2n are other than the server part 10 or the 
router section 11 of the ** style GW terminal 1. 

[0198](Server pretreatment) 5-2 A VPNNAT110 release command is created. The table record 
of remote maintenance demand DB92 is the same as that of drawing 31. 

(Command transmission processing) 5-3 The maintenance server 3 transmits a VPNNAT release 
command as a <IPsec session> by making an extension terminal name into a parameter by the 
http command from the maintenance server 3 to the terminal 1 (http server part 100). 
[0199]** VPNNAT release command receiving process (terminal server part 10 -> terminal 
router section 11) 
(Terminal pretreatment) 5-4 The terminal server part 10 receives a VPNNAT110 release command, 
and, by using the extension terminal (2a-2n) name of the parameter as a key, acquires the real 
IP address corresponding to the terminal name from the table (see by DNS etc.) of groups of 
terminal name and real IP address which the terminal server part 10 has. 
[0200]And the command (in the cases of two or more ****) (it changes with mounting of the 
telnet command of the router section 11) which releases VPNNAT110 corresponding to a 
terminal name of the local IP address for VPNNAT and a real IP address is created. 
[0201](Command transmission processing) 5-5 A command is sent out by making into a 
parameter the command created by pre-processing as a telnet command <local network 
session> from the terminal 1 (router setting processing part 102) to the terminal 1 (router 
section 11). 

(Terminal router section processing) 5-6 Setting out of VPNNAT110 release is written in the 
router section 11. 

[0202](Response transmitting processing) 5-7 Status (normal or error statuses (abnormalities in 
a command, etc.)) is made into a parameter, A response is transmitted as a telnet response 
<non-IPsec session> from the terminal 1 (router section 11) to the terminal 1 (server part 10 / 
command sending-out treating part 103). 

(Terminal router set part post-processing) 5-8 The record corresponding to the terminal name 
of a host table is deleted. 

[0203]** VPNNAT110 release response transmitting processing (terminal server part 10 -> 
maintenance server 3) 

(Response transmitting processing) 5-9 The http server part 100 of the terminal 1 makes status 
(normal or error status) a parameter, and transmits a response as a http response <IPsec 
session> to the maintenance center 9 from the terminal 1 (server part 10). 
[0204]** Local IP address translation processing for maintenance server side VPNNAT 
(maintenance server 3) 

(Local IP address translation processing for VPNNAT) 5-10 While acquiring the local IP address 
for VPNNAT corresponding to the extension terminals 2a-2n corresponding to the number of 
acceptance under processing from remote maintenance demand DB92 and holding it by the 
server side, The local IP address for correspondence VPNNAT of VPNNATDB91 is released. 
[0205]** IPsec processing-object packet release setting out (maintenance server 3 -> VPN 
gateway 5) 

(Command transmission processing) 5-11 The VPN gateway setting processing part 32 acquires 
terminal ID and the local IP address for VPNNAT from the record applicable to the number of 
acceptance under processing of remote maintenance demand DB92. 
[0206]5-12 The VPN gateway setting processing part 32, The command (it changes with 
mounting of the telnet command of VPN gateway 5) for canceling setting out for assigning the 
packet for local IP addresses for VPNNAT to VPN tunnel 12 corresponding to terminal ID is 
made into a parameter, A command is transmitted as a telnet command <local network session> 
from the maintenance server 3 (VPN gateway setting processing part 32) to VPN gateway 5 
(setting command receiving processing part 51). 

[0207](VPN gateway processing) 5-13 Setting out of received routing for local IP addresses for 
VPNNAT is canceled in VPN gateway 5. 
[0208](Response transmitting processing) 

5-14 Status (normal or error statuses (abnormalities in a command, etc.)) is made into a 
parameter, A response is transmitted as a telnet response <local network session> from VPN 
gateway 5 (setting command receiving processing part 51) to the maintenance server 3 (VPN 
gateway setting processing part 32). 

[0209](VPN gateway setting processing part post-processing) 5-15 It is judged whether all the 
remote maintenance to the corresponding ** style GW terminal 1 has ended; if it has all ended, 
VPN end processing is started, and if it has not, processing is ended. 

[0210] As shown in the sequence diagram of <VPN end-processing> drawing 9 and drawing 23 
through the procedure flow chart of drawing 25, VPN end processing makes it main point to end 
VPN built by the remote maintenance demand from the maintenance center 9. 

[0211]** VPN quit-command transmitting processing (maintenance server 3 -> terminal server 
part 10) 

(Communication opportunity) 6-1 In the state where VPN tunnel 12 is stretched, when all 
maintenances to the corresponding ** style GW terminal 1 are completed after the end of 
remote maintenance, it is started. 

[0212](Server pretreatment) 6-2 A VPN quit command is created. The table record of remote 
maintenance demand DB92 is the same as that of drawing 29. 
(Command transmission processing) 

6-3 The maintenance server 3 transmits a VPN quit command as a <IPsec session> by the http 
command from the maintenance server 3 to the terminal 1 (http server part 100). 
[0213]** VPN quit-command reception (terminal server part 10 -> terminal router section 11) 
(Terminal pretreatment) 6-4 The terminal server part 10 receives a VPN quit command, and 
creates the command (in the cases of two or more ****) (it changes with mounting of the telnet 
command of the router section 11) which releases all the VPNNAT110. 
[0214](Command transmission processing) 6-5 A command is sent out by making into a 
parameter the command created by pre-processing as a telnet command <local network 
session> from the terminal 1 (router setting processing part 102) to the terminal 1 (router 
section 11). 

** VPNNAT setting-out initialization-commands reception and processing (router section 11) 
(Terminal router section processing) 6-6 Setting out of VPNNAT110 release is written in the 
router section 11. 

[0215](Response transmitting processing) 6-7 Status (normal or error statuses (abnormalities in 
a command, etc.)) is made into a parameter, A response is transmitted as a telnet response 
<local session> from the terminal 1 (router section 11) to the terminal 1 (server part 10 / 
command sending-out treating part 103). 

(Terminal router set part post-processing) 6-8 All host tables are deleted. 

[0216]** End response of VPN transmitting processing (terminal server part 10 -> maintenance 
server 11) 

(Response transmitting processing) 6-9 The http server part 100 of the terminal 1 makes status 
(normal or error status) a parameter, and transmits a response as a http response <IPsec 
session> of maintenance center 9 HE from the terminal 1 (http server part 100). 
[0217]** Local IP address translation processing for maintenance server side VPNNAT 
(maintenance server 3) 

(Local IP address translation processing for VPNNAT) 6-10 While acquiring all the local IP 
addresses for VPNNAT corresponding to the number of acceptance under processing from 
remote maintenance demand DB92 and holding them by the server side, The local IP address for 
correspondence VPNNAT of VPNNATDB91 is released. 

[0218]** IPsec processing-object packet release setting out (maintenance server 3 -> VPN 
gateway 5) 

(Command transmission processing) 6-11 The VPN gateway setting processing part 32 acquires 
all the terminal ID corresponding to terminal ID, and local IP addresses for VPNNAT from the 
applicable record of remote maintenance demand DB92. 

[0219]6-12 The VPN gateway setting processing part 32, The command (it changes with 
mounting of the telnet command of VPN gateway 5) for canceling setting out for assigning the 
packet for local IP addresses for VPNNAT to VPN tunnel 12 corresponding to terminal ID is 
made into a parameter, A command is transmitted as a telnet command <local network session> 
from the maintenance server 3 (VPN gateway setting processing part 32) to VPN gateway 5 
(setting command receiving processing part 51). 

[0220](VPN gateway processing) 6-13 Setting out of received routing for local IP addresses for 
VPNNAT is canceled in VPN gateway 5. 

[0221](Response transmitting processing) 6-14 Status (normal or error statuses (abnormalities 
in a command, etc.)) is made into a parameter, A response is transmitted as a telnet response 
<local network session> from VPN gateway 5 (setting command receiving processing part 51) to 
the maintenance server 3 (VPN gateway setting processing part 32). 

[0222]** IPsec reset command transmission processing (maintenance server 3 -> VPN gateway 
5) 

(Command transmission processing) 6-15 The VPN gateway setting processing part 32 acquires 
terminal ID from the record of remote maintenance demand DB92 corresponding to the number 
of acceptance under processing. 

[0223]6-16 The VPN gateway setting processing part 32, Setting out (it changes with mounting 
of the telnet command of VPN gateway 5) for canceling VPN tunnel 12 corresponding to terminal 
ID is made into a parameter, A command is transmitted as a telnet command <local network 
session> from the maintenance server 3 (VPN gateway setting processing part 32) to VPN 
gateway 5 (setting command receiving processing part 51). 
[0224]** IPsec reset command reception and processing (VPN gateway 5) 

(VPN gateway processing) 6-17 Setting out of VPN corresponding to the received terminal ID 
is canceled in VPN gateway 5. 

[0225](Response transmitting processing) 6-18 Status (normal or error statuses (abnormalities 
in a command, etc.)) is made into a parameter, A response is transmitted as a telnet response 
<local network session> from VPN gateway 5 (setting command receiving processing part 51) to 
the maintenance server 3 (VPN gateway setting processing part 32). 
[0226](VPN gateway setting processing part post-processing) 6-19 The field which was acquired 
and held from the VPN gateway tunnel DB by VPNGW address request processing, and in which 
"terminal ID" was written, is rewritten to be "intact", and the VPN tunnel resource is released. 

Remote maintenance end processing is completed by the above. In the above, the procedure of 
remote maintenance was explained based on the sequence diagram 3 - the sequence diagram 9 
and the procedure flow chart the procedure flow chart 25. 

[0227]The example of main story recording media makes free nonfiction of the computer reading 
of a series of conclusion procedure of the processing program procedure of the remote 
maintenance concerned. 

[0228]Although setting out of VPNNAT110 to the server part 10 and the router section 11 of ** 
style GW terminal 1 main part is performed in this example of an embodiment at the time of the 
notice of installation, this is a function for enabling VPN access without a remote maintenance 
demand by arbitrary opportunities from the maintenance center 9 side at the ** style GW 
terminal 1. Therefore, it goes without saying that the procedure of setting VPNNAT110 on 
a remote maintenance demand and releasing it at the time of VPNNAT110 release, without giving 
special treatment to setting out of VPNNAT110 to the server part 10 and the router section 11 
of ** style GW terminal 1 main part, may be sufficient. 

[0229]In this example, although IPsec is used and explained as the VPN, it goes without saying 
that this invention can also be applied to a VPN other than IPsec, if it is a VPN of layer 3 level. 

[0230] 

[Effect of the Invention]According to this invention, the limited local IP address resource for 
VPNNAT used for VPNNAT is assigned only to a remote maintenance request terminal and 
released in a VPNNAT release process at the time of the end of remote maintenance, so IP 
address resources can be saved and the remote maintenance of many terminals can be 
simultaneously carried out as compared with a static VPNNAT method. 

[0231]Put another way, whereas conventionally at most as many extension terminals as the 
"local IP address resource for VPNNAT" could be made remote maintenance object terminals, by 
using this invention it becomes possible to use as many extension terminals as the "local IP 
address resource for VPNNAT" as remote maintenance object terminals simultaneously, 
and the number of members of a remote maintenance service object terminal can be increased 
substantially. 

[0232]And since the limited local IP address resource for VPNNAT used for VPNNAT is 
assigned only to a remote maintenance request terminal and released in a VPNNAT release 
process at the time of the end of remote maintenance, the remote maintenance method which allows 
access from a maintenance center only to the extension terminal made applicable to a remote 
maintenance demand is realizable. 
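The assign-on-demand and release-on-completion behaviour of paragraphs [0230] to [0232], together with steps 2-29 to 2-32 and 5-4 to 5-10 above, is modelled below as an added example; it is not code from the patent. The class names, terminal IDs, host names and the 10.0.0.0/30 pool are constructed assumptions, and the telnet and http command exchanges are reduced to direct method calls.

```python
import ipaddress


class PoolExhausted(Exception):
    """No free VPN-NAT address is left in the maintenance center's pool."""


class GatewayTerminal:
    """Gateway terminal 1: host table (name -> real IP) plus VPN NAT 110."""

    def __init__(self, terminal_id, hosts):
        self.terminal_id = terminal_id
        self.hosts = {n: ipaddress.ip_address(a) for n, a in hosts.items()}
        self.nat = {}       # VPN-NAT address -> real IP (rules in the router)
        self.by_name = {}   # extension name -> VPN-NAT address (host table)

    def apply(self, mapping):
        # Steps 2-29 to 2-32: resolve each name to its real IP, write a rule.
        for name, vpn_addr in mapping.items():
            self.nat[vpn_addr] = self.hosts[name]
            self.by_name[name] = vpn_addr

    def release(self, name):
        # Steps 5-4 to 5-8: drop the NAT rule and the host-table record.
        self.nat.pop(self.by_name.pop(name), None)

    def release_all(self):
        # Steps 6-4 to 6-8: the VPN quit command clears every rule.
        self.nat.clear()
        self.by_name.clear()

    def translate(self, vpn_addr):
        return self.nat.get(vpn_addr)


class MaintenanceCenter:
    """Maintenance server 3 with the VPN-NAT pool and the demand records."""

    def __init__(self, pool_cidr):
        self.free = list(ipaddress.ip_network(pool_cidr).hosts())
        self.requests = {}   # acceptance number -> (terminal_id, mapping)
        self.tunnel_of = {}  # VPN-NAT address -> terminal_id (tunnel choice)
        self._next = 1

    def accept(self, gw, names):
        names = list(dict.fromkeys(names))      # one address per extension
        if len(names) > len(self.free):         # all-or-nothing allocation
            raise PoolExhausted(f"need {len(names)}, have {len(self.free)}")
        mapping = {name: self.free.pop(0) for name in names}
        number, self._next = self._next, self._next + 1
        self.requests[number] = (gw.terminal_id, mapping)
        for addr in mapping.values():
            self.tunnel_of[addr] = gw.terminal_id
        gw.apply(mapping)
        return number, mapping

    def release_extension(self, number, gw, name):
        # VPNNAT release: one extension terminal is finished (step 5-10).
        addr = self.requests[number][1].pop(name)
        gw.release(name)
        del self.tunnel_of[addr]
        self.free.append(addr)

    def end_vpn(self, number, gw):
        # VPN end: assumes this is the gateway's only open request.
        _, mapping = self.requests.pop(number)
        gw.release_all()
        for addr in mapping.values():
            del self.tunnel_of[addr]
            self.free.append(addr)

    def reach(self, gateways, vpn_addr):
        """Return (terminal_id, real IP) a VPN-NAT address leads to, or None."""
        addr = ipaddress.ip_address(vpn_addr)
        terminal_id = self.tunnel_of.get(addr)
        if terminal_id is None:
            return None
        real = gateways[terminal_id].translate(addr)
        return (terminal_id, str(real)) if real else None


def demo():
    # Constructed scenario: two sites use the same LAN address for "pc-1".
    center = MaintenanceCenter("10.0.0.0/30")   # pool of two addresses
    gw_a = GatewayTerminal("gw-a", {"pc-1": "192.168.1.10"})
    gw_b = GatewayTerminal("gw-b", {"pc-1": "192.168.1.10"})
    gateways = {g.terminal_id: g for g in (gw_a, gw_b)}
    number_a, _ = center.accept(gw_a, ["pc-1"])
    center.accept(gw_b, ["pc-1"])
    result = {"a": center.reach(gateways, "10.0.0.1"),
              "b": center.reach(gateways, "10.0.0.2")}
    center.release_extension(number_a, gw_a, "pc-1")
    result["after_release"] = center.reach(gateways, "10.0.0.1")
    result["free"] = [str(a) for a in center.free]
    return result


if __name__ == "__main__":
    print(demo())
```

After the release, the pool address no longer resolves to any tunnel or NAT rule, which is the property [0232] relies on: an extension terminal is reachable from the center only while a maintenance demand for it is open.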

[0233]For a remote maintenance purveyor of service, When a maintenance center installs 
equipment of a VPN gateway, according to the access number of VPN remote maintenance, 
extension installation of the equipment of a VPN gateway can be carried out, and the facility 
cost of a VPN gateway can be optimized by extension. 

[0234]From the above-mentioned effect, for the visitor who enjoys remote maintenance service, 
when building a maintenance center and VPN, becoming the resource shortage of VPN 
decreases and the cases it becomes impossible to receive remote maintenance by VPN 
construction failure decrease in number. 



[Translation done.] 
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SBK > * — * y b b * * -f ffiiiart^ffi 

(B-f b ^x4**<£^o-/^v I P7 

y ^- b ^ yftyxSSnvy F£ lit 

isiau m yftyxs*3vy FKStt* i/** 

B«**t»t5*a-*^I P7K ^^iPXl 
y^kU*tfftVPNNAT«n-»JH FT Kb* 

^^^^t: i pmmLx^n^erio^ * b y- 
* * by- b x^s*^-r y#~-* * b ^^it 

VPNy-b «)i^HtOS I#i€fJ^^y b 1 ?- 



>?sflf*6 u ^e — b^ s/ ay/* cast* 

5, aR-fy^-*f by- b **-fi*i:tfli^h 

©ffsii**T Lfc*©a*ii^#« y b ^ 
HT&i^^ s»*»*£ttfc*rte^ v?x-*y~- b 

iWBfit^-fe^^^&oy*- b y yftyxHT^vy 

K03t#*««c:^ ain-F^yftyxHT^^ 

y KCWr««UH*tfV\ 'j^f^yrty^Tl^ 

fE^y^^VPNtt^yKfcLt^- b 
^y^tyxMcofl^**©!*]^^^^ 

^VPNNATffla-^;V7 F U*fc<J5»«N AT&fl? 

ftmmmt i pmmLx^n^tMOJ y?-*v by- 
vpNy- b 9x>f raros i*^*^©** b 7- 

^I^mVPNt * *y 3 ytSat5 I P s e c % 

sa^y^t:tffl^&w/p^7ATi)o 

ffiiB »j^«"h^ yftyx©S*i:Mt^ y b * 
yx^y^S*^a*MI2«^^-^^fi^^^mtB^ 

$^3 y^E-b^ y^^yx^t^0ftria^lfc5^*^(^T 

3VPNNATfflo^£/^ I PTKU^Mrtlffi** 
aKt«:**;tf^fcltfflB-< V^-*y by-b ?x>f 

T£ SSK y?-* y h y— b * i^S*^^ 

nwOU I P7 K U X kL<D?^Z$5^X#i$ I P s 

a»vpNy-b'^x-f tattT. vpnnat^q- 

^tll)VPNh y^WVPNftlS^^ v b fcT* 

iaj=.o>— j*®*«H*w*f- ^i:*^*^"*"* y b ^ 
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I F®^tT^n j en05>f y*-*y by- 
^Jf [:i3V^TVPNt^>3y^at^ lPsecl: 

v b y- b "> ^ -f W^>t?yxt"^, 

a. 

I PS^tT^n^HcO^ V*-** by- 

^BK&^TVFN-fey > s IFsecfe 
fi^-fey *a*e> v t~ b ^ yf * y f Afi 

VPNNAT^fa-^;u I FT KI/^TifiShfeVP 

fciuffi^ y*-*? by- b *>x-f 
sr. 

Sffi*I^M8B-f V * * b y- b * a -f ^"*0fJlE^- 
2 «l »f K C ft V P N N A TfttttoS 



ja±©— a©*j«*iitr, 

[»*fll 9 3 KfiVPNNATDfKtjttltt, 
y * yF*y*Mtfcft»T(MLfcy 

yf^y^M^i«**^^t^VPNNATfflo 

-A^IPTKW^fc, WiLLfcWlBVPN b 
0VPN»lStft^*f h^6*»t«»> f&IBVPN 
y- >»x-f fc»l/tfrV>, tWE^ b 

mrBVPN»T«iiaB, 

ffire^ y*-*» fy-f^^-^ai^K^UTa* 

X*JW*fl>«R:**Lfc«fEVPN hy*w» 

iivPN^^x^f^^y^-^^K- 
h ^ ai-f SB5EPfl ta e j siic^n'rv^s vpn b y^frtdkM* 

yxSl?Q^7A, 

[»#«2 03 3. 14, 15. 16, 17. 

hy- nrx-f«*e#:at;*oBT«)n-A 
^* b ■7-* £ i pSKShfcrt****, ss-f y 

^^« y hy^-h ^x-fffi^hS^ y?~* v bsrjg 
iStifcVPNy- b ^x>ffltOS I 
>y y 9 ^^g^^tVPN^ y > ^ yft*8W"S I p 
s e c**4tS:i:CJ:0> SiVPN^-^ ^x>f 

ET <3>^— <&«^~^* % £>y b y yfty^^fi 
VPNft#»-r ft«r»:, fjiH^y^-^'y by-b^x 

^^KT£>$Cf&£>VPNy- b -Y^6 VPNCD 

P7 Kv^^sa^fy?-^? b y— b ^ x Sft^Eiii 
^HL. ^i^f y ^ - ^ -y b ^- f ^ x -f S^fe^iift 

b£ ux^^T^cirtr^D. mrey*- h^v^t 

y^ ^^-*"T^> 

C k y b ^ yffy^lSMo 
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•7 h 7-*Hfci3V>-CVPN-fey:>'a V**ai"6 I P 

g*£rgtt£t, *<©ET^«ft©VPNy--i**x.<f 
»S9£MKtT, SttajR an*: VPN**- h^x^0 

SWR*?*: y ? E«XT1MEV P NS^^I*%ff-5 t 

iShfcVPN^ ^x>f«TOS I^Hat^KZ)* 
v hy-*WK^TVPNfe?*3 3 I P 

SSTO^^CDfit^lf" — i E- h y r-^y^&fr 

frcjco, vpN^f9i'^rKvxtwt*vp 
fflE#^*v*fc#LT«rEVPNy-h ^xOKt/ 

^twa*?* y -9 & & mhkmsc# r svpn^-^x 

— h ^ x-*f T K l/^a*l/X#>XkUSfilfcVP 
Ny-K;x^D-/OHP7FL/^^ VPNCDJ^ 

A. 



^* y > 7-^ c i p**anfcfiii«5Rft, *§^k> 

h'f~h ■>x<fig3fcfc>f y*-*«y MciiS 
nfeVPN^h ^x-fltOS I^^E^co^y h 
7-^JiKH3V>TVPN-fey^3>Sr*ai-* I Ps e 
cSSliCTSC^HAO, SiVPN^^x^fET 

«jf1B-f y*-*y h**- h ->*>f**^6«VPNy- 
h V x 4 T F UxWtffi flMEft^-teV * fiOMt 

ure-f hy-n?^-f«*^6WfivpNy 

«fc©vPNy-h «?x-f fr6VPNfflt u v-a©* 
5VPNy-^x«tM«u ^©vpNy- 

^x^^d-MIPTFI/7^ IRVPN^ 

x >r ^^zsusiT^k 

y^SSlt^o ^9 Air J: U 
[0 O 0 1 ] 

WsRSr-Y y^-*t? HS*^VPN*WfflL"Cy*-b 
fiDSMfcfcMMSeJB'*-* y^~ W yftv^^fA, 
[0 002] 

<fev***&-f h^F^x>fS* («T, ft 

-iWyh^-iJ'i^yay (BIT* * 
-f y t?*-* y hfcfiTVPN^Iffllt 'jt-f^r 
ty^^^a'i^MVftvxaM (BIT. v 
PN'J^-MVfty^^M) £LT. ^fI¥2 0 
00 — 00049 6tM^IXTV^M^i)§o 
[0 O 0 3] L**U »fi¥2 000-0004960 

*»Tft*snt^svPNV ^-h^vrtyx? 
tt„ «ftc!>ntl*GW»#K:*t-LTn»Kiy r^y-f 
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S^BSGWa©^ y^y^&fr? zfctfT^Tfft-c* 

[0004] ^It, |^>^D-^;^y 
LT, -f M«3^&*-*©W«GW©rtflf|5*y 

7K^ (KT, VPNNATffl I P7 KUX) ^n- 

(UT, NAT BOX) *«tt*fcV^W?*t)s H 

[0 0 0 8] 03 2fc*V*T„ ^7^7>hPC (a) 
PC Cb) -nVPNNATJK*-C I pa«ft 
fir-5»^0>. h ©7 F U X co3Efl:%^f fc&Ks 

#y-K©««»J»€:lttM*r*o ^7^7>FP 
C (a) ^7^-f^^7-^ (c) tr»$ 
ftT 35 9192. 168.2. 103^^^^^- h IP7K^i 
*#o 0 VPNf-^x-f (d) 14, ^-f^-h** 
(c) f3»ttSKT^9^ 
Ce) IPrKl/^t LT211.0.0. 1ft 

[0 0 0 7] VPN/I*™? Cf) 14, ^9-f-<-h*y 
F7-^ (g) cgi^nt^^ 

I P7KU*£LT210.0.Q.l**3r3 o V- 

mpc (b) a^-f^-b** h?-^ (c) \mwt 

$hl^50, 192. 168. LI— 192.l68.L264£>^>f 
h IP7F 

[Q 0 0 8] VPNy-^i-f (d) fe-fitflEG 

^ (h) tiKtt^fi. VPN^^x^f (d) "C 
ttVPN/W- ^ (b) -sCDVFN b (h) £#tL 

tcd v p n**^*- y h i: it io. o. o. o^tfsasesn 

VPN;^^ (b) VPN^-^x-f 
(d) ^«>VPNb>^;v Ch) f:*fUtcDVPN»ft 
k & l t 192. \m.2^m±m%L^ti-t^&<> 

[0 0 0 93 NAT BOX (f 10) 14, 

-*-yh (e) MCVPNNATH I PT K V^t It 
10,0.0. W 10. 0.0. 254<£>7 Kl/^*»%, 10.0.0. 1 £19 
2. 168. LU 10. 0.0/24: 192. 168, 1.2, - (*«) 



10. 0, 0. 254^:192. 168. L 254^|*ftN AT 0*1156 SftT 

[0 0 10] 192. 16S. LlflJt-^PC (b) 

iZ^xmsr^ts NATBOX (f 1 0) O-fyJ 
^ h *v y.rj-# ( g ) Mi^mmjcT K 1**192. 16 

8. 1. l<D/t* >v h i*38tfiSn5l5»3»ff76T F W *j6M0. 
0.0.1K*#*A&*ITNATBOX (f 1 0) co^fv 

y hffi-si£ffi£*U NATBOX (f 10) 0>f 
Ce) «*6fiMtJfel0,0-O.l*T©^flry 
h^SUST^t:, 9SS*r KU^3fl*102.168.1-lK:#«r 
M?>tlTNATBOX (f 10) ©•^-r-*- h 

h*?— ^ (c) lidffi^n^o 
[oo l l] ^7^7yfPC Ca) k»-^P 
C (b) IW-eawtrff^ito/^y KBTPUX«<t* 

^^f7>hPC (a) J&^t-^PC 
(b) »T©*ysJ*;W/«r* Mi, rai«5cl82.l88. 
2.103 : S£fflrfl&10,0.0. 1J "Cams *u VPNy-^ 
3i -Y (d) s:ait^o 

[00 1 2] VPN^^^i^ Cd) ft, 10. 0.0. to 
htSfrLfetOtVPNA'-^ Cf) ^VPN 
(h) iiSLt^VPNit*^^ hi: WW 

u r»«s2ii.o.o.i :»**bio.o.o.ij ©smp^ 

te®^fc3nTx~?«5fc:A5 0 y Y VP 

Nh>*H(S*UVPN^^OVPN»iS Cf 

i i ) vzmm?** 

[ooi33 vpnjio-? covpNmmm Cf 1 i) -c 

14. tV^t^yhffWftSn, raHiS:192. 18 

8.2, 103 : SMftlO.G.O. 1J h ITNATB OX Cf 1 
0) IzmmTZ* NATBOX Cf 10) "CMt, 
0.0.0, J£:f*IfflJ]92. 168. 1. IT«H»NAT#»*SftT*3 

u*se*jMrtoJu ras«?ei92. 168. 2. 103 : as«-fti* 

2.168, 3. 1J k&0, 1^7-^ Cc) 

H£> *-^PC (b) s:ift^-k*^t^o 
[0 0 14] Sfe, ^PC Cb) 4 7 V h 

PC (a) ^©V^*V^#y^^A'^<ry Hi, 
S7G192. 168. LI : S«3fel92. 168.2, 103J ^StHSn, 
vpn;^ (f) CBffS. Cf) T* 

E4. 192. 168.2. 0/24©/^^^ h Uft ©TVPN** 

-h^m-Y (d) ^VPNh^/V Ch) KWLTC!) 
VPN»*^vH:«lfU NATBOX (f 1 
0) tX/^y h*«ai^H5o 

[00 15] NATBOX ( f 1 0) "Ctt, ^flflO.O. 
0. \kL P^#J192, 368. 1. lt + »NAT^K§tlT^^ 
^t6T K P^^I92- 168. 1. Hrv^ ^T>5cDT% T F 

^«*#ffton r^ftsio.o.o. 1 : ^M^iQ2. lss. 2. 

103J fcft:*), VPN»aSS (b 1 1 ) 

[0016] vpn«S5 (f 1 1) -ett ri^e^io. 
0,0.1 : 2MM&21L0.0. 1J k&Offl P^? 

ttt^banTf-^fcAft. vp 
Nh>*;u (h) tM'ltVPNy-b^i-f (d) 
VPNy-h^x-f (d) Tl*> vxtfv 

^tfy^*-*^*** h^ft^t$n. ras«s;io,o,o.. 

I : &{f&192. 168,2.l03J kftO, 
7-* (c) ^>yf9-^«SWo Lfe**-* 
co^j-y ttt* ^7^fr>l^PC (a) K:SJ#f 

CO 0 1 73 i^^^^WGW (f ) 16 

^y*©y7-f-<-h*y (g) kfftSKGW 

(f ) BST^7^^-V*y F7-^ (c) ?:ifiV 

KloV^T«Wtfc.-*** (f 1) BNATBO.X 

(f i o) kvPN&agp (f i i) 

tOO I 83 ft^fey^^&MGW (f ' ) 

Cg' ) <g" ) **2-3*>*K t0^7-f^h*yh 
^^7-f^^^7-^ (c) *&#*<&f|if«G 

W (f ) (f " ) EW7-f^- hV"^ 
(g J ) Cg* ) KSf LTI»» V P NN AT«itIffl 

tOO 1 91 B3 3fc»8KGW (f ' ) (f ' ) 

ft^ty^i^2o0i«GW (f ) (f* ) STcd 
7 KbA«>tf--*PC (bl) - Cb4) 

[0020] ^7-f7>hPC (a) fr^i*-- 

^PC (bl) - Cb4) -nVPNNAT»*TI PI 

hPC (a) tt, (g' ) 

h I PTFt/^So 6 VPNy-^x^f Cd) 
^^^j. }. r,-# (c) Kje«8ftXte9, -f 

Zll.0.0. l*#o a 
[0 02 1] VPNJV-^ (f ' ) y-yj<<- h * 

(e) fll£D^n-A^ I P7 F U ^ k bT2lG. 0, 0. l£ 
jfo fl fw^PC (bl) (b25 ^vpn;k^ 

(f y ) CDFSffiD-*^*^ W-^192. 168. 1.0/24K 
il^nifc^ 102. 168. L 1-192, 168. 1.2542) 7^ 
-<-MP7 3 ft, VPNy-^x^ 

Cd) fcVPN^-* Cf' ) VPNO&h^ 



[00 2 2] VPNy-h 1 )^ (d) TliVPN^- 
? (f* ) ^VPNfV^;v Ch' ) izMLT&VF 

<2VPNhv*;v <h' ) WliovPNJfft^y 

h kLT192. 168.2.0/24#»ffiSiVtv*5o 

tOO 2 31 ftfc* N AT B O X (f 1 0' ) *f V 

(e) iCVPNNATffll P7KU*kL 
T 10. 0.0. 1 — 10.0. T K U^^^Pt>-. 10.0,0. Ik 

192.168.1.1, 10, 0,0. 2k 192. 168,1.2. («■&> , 

10. 0. 0. 254k 192. 168, 1. 254T»»N ATtfRKS 

[0 0 2 4 3 ZZX\ 192.188.1.1®*-/<PC (b 
I) Cb2) £oV^#§T£k, NATBOX (f 1 
0) fD^-f^- h*? Cg' ) fllfr6j3S«S 

TK!/^ 192. 168. 1. lO^fr v h #3£ffi*n*IKU:$8« 
^7 K V ***10. 0,0. lK;StM6tltNATBOX 

(f i o' ) ©4 m^fiSHjsn, natb 

OX (f 10' ) <Z>-f f (e) W#*&2Hg2£ 

10.0.0. lSto/^y h#S2JitT£k, i£®*T K 
#192, 168.1. ItlWAfehTNATBOX (f ) 

[0 0 2 53 VPN/U-? Cf * ) Bu y^-f N * 
v h *7 — * Cg" ) Kl*«S*XtfeD, 
(e) $il©:?"n-/^U IP7F L> * k UT210. 0. 1. l£ 
n-v* V-^PC (b3) (b4) ttVPN/V-^ 
Cf" ) <£ft§En — ;fr;t/* 7 h7-^ 192. 168, 1.0/24C 
StlTfe^ 192, 168, K 1 — 192. 163, 1. 254<?> -f ? H 
h I FT K UXftjf-o 0 
[00 2 63 Sfc, VPN^^x^ (d) kVPN 

Cf" ) tt„ vpN0hy^;v Ch" ) ^«^b 
t^5o VPN^h^x^f (d) toypn;^^ 
Cf " ) ^VPNJVU (h* ) CJfLtWVPN 
^ ^ LT10;0.1.0/24* l K5£^HT*3O^ V 
PN;i/-^ Cf" ) T?*** VPNy-Hx^f (d) 

h k LXI92.168.2, OWRSSm^Se 
[0 0 2 7 3 * fc, NATBOX (f 1 0" ) 14, -f V 
^-^^h (e) KKVPNNATS I P7 KUXk L 
TIO/0. L 1-10.0. L 254© T KUXt»t»> 10.0. L lk 
I92.168.1.K 10.0. L 2k, 192. 188. K 2, . 
10, 0, 1.254klB2. 188.t.2B4T*0»NATtfttfe* 

[OO 283 C^T% 192. 188, 3. SOT-^PCB 5ro 
^-Cf 'ltSi:, NATBOX Cf" ) ©^-f^-F 
* ^ F (g w ) W^^^MtcT K U 192. 168. 1. 

icr?/^^ *v h j^atmsiiftStiiiaiassr ku^^io.o. i. 

lC§S«Ae>ntNATBOX Cf" ) flW 

^ Ce) M^asman. natbox (f ) cd -< > 
(e) fflfr*>mffi$G\O.O.hl$&X<?}rttr y b 

fimmr%£, mm$tr f 1^^192. ies. i. iks^bi- 

(g" ) «K*ffls*i£o 
[0029] **-fe>#**&flHKGw cf j ) 

(g' ) (g ff ) P2o*0, -tCD:/*-* h*v h 

b*^y b r?-^ (c) <Z>!Si8G 
W (f 1 ) (f w ) ET^v-f b*yh 
<g' ) (e* ) C»LT«HBV.PNNAT««*ra« 

[0 03 0] f^^n&M^ IfjIB^Lfc risatGw 

rff«GWN (N^ffiftcDe**) #<z> 

[0 0 3 1] f.T, H 3"3E3Rf ffiVPN 

GWSH*ET®^9'f ^7-^7 KU^tfl 

^-MPT Kl/^*#»VPNNATT«lH)#»fc 
NATBOX^O^-*^ b«£>T F UXftWKSSffl 

nnatjsj t»*r.tic-r6* 

[0 03 2] 4fe % W2000-00049 6tt 
iry^OVPNy- h <{rx-f (D^n — I P7 F 1>X 

>f CD^a - I P T F l»X&M£>^TmffiT% t V> 
[0 0 3 33 

fSteVPNNATj ^fciDtS^sV*©^-* ^ 

b * y h 7 — ^ tfLt7^ J b^T^i^> ItStt 
GWWi:VPN^ h ^x^Ht'VPNfeflJStSI* 
»«G W»*K*V>TV P NN AT.ffl I P7 FW 
^^/7'f^-h^yh7-?^^o-^^IP7h^ 



* *<F«TK:»tt V P NNATTi 0 Wttfe < sEHBtf** 

[0 0 3 4] «**y£«#:2.--*£ , im 
tSVPNNAT«IP7PU^UV^ C^^-f-^- 
MP7KI/7) »«WfceDtll«GW**ET©:79 

#«K»*ftft«0VPNNAT« I PTKU* 

■ry-^WStUo tftbfeffivPNNAm 

«?5^0^^-HPTKI/^*ftoti 
6 7 0S#fl)»WGW»*ET©rtll*ii* 

[0 0 3 5] 01 AST* H^*£>y^^--b7 FH* 
PNNATffl I P7KU7U V-^fc LTf'J^ U 
fSffiGWW^fiT©:?^ b *v F 

=PAnAlt«GWS*ET0^^W ^- b*v b<7-^tf) 
#7** hv^^m 1 6 If y f/f ofc»^B«*«& 
2 5 6anA©f»atGW«3RET©*5|ct^^ 

[0 O 3 6] MVPNNAT^ffi^T, # 

if2 0 0 0-00049 6ec^^ft^£ftTV^V 

pn y ^- h y > t ty^ftff yt-f^y 

r * V 71 & & W fc»* G W^mETCD^T © rtttM 

t0WW*Jffl#**V PNy- F^i^f OWS V P Nir * ^ 
^R^Si^i^ Sfty^tVPN^h^i 
^f^ittLTWt SifcKtf&O, VPN^ 
- h ^ x-f c?>^n-y<;v I P7K l/XSW^KiRES* 

R^A^ff^^^s VPNy^h^yfty^ctt 
Mffl T! S «c h v> -5 waAtf* o fco 
[0 0 3 8] rilRltoV^T, *ftw©iiift-r-^****c 

[0 O 39] 0>BWtt, 6^ 

* y h !? - ^ 7 K 1/ XOHI tlf* bfcUfcO 

^V^T^^, U^-h^ V^^V^SSTftaJWJfEGWiB 

P7 Kuxyy-^«>±iR*-eff#u "HTlftftPRD** 
c5*ssKGW»*atf*©ETc!>ni»**a) v ^- b > y 
[00403 ^^mcom2om&}^, u^^>?m&x- 

^-^t:fIt§VPNNATS I PrKi/xyy-x 
y^ ^yx^^jg^^ n-i^yft 

[0 04 23 **W0#40Bl»tt, VPNV^-b^ 

t>^0»ffjffl*^ VPN^h^^^MVP 
N^y>'3y#£jB^&#£s S^y^fijT'VPiNy 

tVPNy- b ^x^^nw'Uv I PTFt/^W* 
LfcU — b >rtyx|«m 

[0 0 4 3] SJfflS, a®> 

[0 0 4 4] 

[flM^»ft^£fc&©#®3 *JSW#fttt, JbSSSUl 

ncofmm**. i PttttLx^n-^n^-f b 

UVPN^-^x^HtOS I#JH J E7 s ^©*y b 
7-^lt:^XVPNt7 y g ySrSeat* S IPse 
c**S:-r SVPN^-h^x^^tff 
— 6 y b * yf^y^&fro^ifi^ 

N»«iWi:©|B|*rVPNNAT*«», ?u-rtfrWo 
TK1^^*VPNNATSd-*^I P7K^illX 

y*-** by- b ^^-fffi*@#:^t/^CDET 
©n-*>v*y b 7 - ? K I P»«snfcrtH«B**, 

^shfevpNy- h ^^tos i &m*zFA> 

IPse c&Wirt-*::i; SttVPNy-h^ 



- F^x^f^f>VPN0gt 'J V-X<3DS>^VPN^- 

H>x-r*»ttir«RLT, SiSSSlifcVPNy- 
h«?x-f cpi^n-A/V I PTKP^*SHEY 

«rS»VPN<Z)StI&l*^ b t LXKjetff-S rtC* 
ki Pft«it*hfh«o^f-*y by-b^x-f 

-^x^ IHtO-S I #l^7^0^ * b 
MVPN-fey^a y^r^mi- £ IPse c£*#t"3 

0. SStt-f y*-*y h**-f 
^F*Hr. JtOfflTKn-*^*^ b«7-^iiVPNA» 
aStCDMtrVPNNAT^aftSW, -EURICO T 
KUXtVPNNATHn-*^l P7Hl/Xi:ltS 

y 9 fr*H4&jtmik*ftx*mmmmz > * 

fAfllfc, ®>fV?-*y bC» 

«s*ifc«*©^ y^-* v b y- b ^x^«*afr& 

tf*OET<Da~*/k** b I P^jftg£iafcR 

ISS^^s S8^>^-^yhy-f^x^«$i:^ 
* — * y b irSfJRSHfcVPNy— b x -f HTO S I 
♦BR^JWtfD** h7^lCj3lr>TVPN«b^>s y 

*sea-r* i ps e c*asr-r4^i:jrj:o. ^ivp 
Ny- b * x ^ isT^f-osff-M^ & u 1 y 

b^r- h -> *-f **fr&VPN«»®M**ttfifc, 
SB(DeTO«R0VPNy- h*x-f*6VPNfl)4 

P7KU7&, a*K**fcLfe'f y^-*y by-b 

^C»bTS(raEVPN*SlcD»**1 i f^i:^K:, Sttff 

*c»*r § ^t£S^ y ? a* ^ msii *n a n fcfriEJiw 
*, aifcvPNostiRi*^ b k LT^^r^Mie^ y> 

[0 0 4 63 *ii^n^Afis ±IBK)a©»ifeic^ 

I PjRUKLT-th^ii©^ y^-*y FY-^x 
©SET fc a^n^ncD-Y y^-* 

v by — b ■> x -f k -Y y^-^,^ h^^lIVPN 
y- b ^ xYPItOS i#B^r;V0*9 b 
:fc^TVPN-tr* > b I P s e c&m^r.-t 

^ T J ^- b A >t- + >Z&1j j 5 S'XF i^-f V 

NATJin-a/i, I PrFI/XtUSM^v^^ 

m&&m, cm v?-*v htzmmzfttcmm&j y? 

-^■Cft^TVPNt^ 2/3 >£3igiT3 I P s e c 

^e>itftsnfcvpNy-h<;x^r fu^*> vp 

fc. ea©*ET©«ftcoVPN^-h 9x^*5 VP 
Nffl* »; V^O*SVPN^ b ^x^f SrftWKSiR 

ft, SRVPN^ > -> x ^ 7 K Ift-f y 

* -* y b b x «*ira*DlTS«,a*flH«rSttf 

to 04 73 *M9CftK#M:, ±C»«<&*&KSfc 
[ 0 0 4 9 3 1 &i&m±, #t3-#;w* 

— J6u i^nwo^ y ^ y» ^ x 

k-t Y ^LTVPNy-h^x^tOS 

>^it^ I Ps e cMtttFSEfcE: mMV 

PNy- b t^ft^tr«*-fey^3^&y *e- v * y~r 
-^Hy-h*)x^smnt§;^^^rt}:, ^co 

SlFSBa — v b 7 — * iiVPNM^tcDlOirVP 
NNAT*R», ^n-/s>fflcD7Ki^^tVPNNA 
T/Ba-a/u I ft KP^ilLTlfjfa^-fcr^^O^ 



- h y >^^y^^0Suiertlss*^##t"^vPN 

- b ^ yft>^fti/Xt;>^i: iTi/^^y^t^ 

n^IPsec (&S!!E«&fflV>fc: I'PsecCiSVP 
N b y*^©l£S:SB<0VPN^ h * x >f £f8:SgS 
IiVPNy-^x^:SLTVPNNATfflp 
-*/M P7F^S®/^y hMIEMtefcLfcVPN 
b y*>Utz>VPNAa*Hfc^*y Kk-r&«je*firV\ 

I P7F U^klffiVPNNATffln^^ I P7 K V 
^ t tifiNAT k IS BCD A'-**C:» t tRJEftfl 

y r ^ y * nm^mom^m k * *«, 

tO O 5 1 ] *ftW*»©»3CDW*t*. _fcffi*»«:# 
tt<Z>»2©»«Kl*5tt*«riBy ^-b-tfy^yXCDSg 

*CS*LT* friBVPNNATJBa-fcjM P7KV^ 

■emriBflistsnfeVPN b y^^^fttt, WEfiW 

tO 0 5 23 #aW^*<0*4CD»»tt. -MB^UffllSr 
tttft>»2Xtt»3<Z)W«K:j3W'«*l3 y^- bM y<r* 
>*<DWTifi* jfe-r, MiHVPNNATMn-^;HP 

r k u^-c«rsB«sisnfc vpn k it, 
^coM. s»y b^ yftvxrr 
J&*©*3¥iJ»r&:fJW ^®Eif3W^TKT#^<3?^^-K« 

So 

[0 0 5 31 #fti!:£S(©JS5©4#|*tt, ±IB*Slffi*- 
H^cOgSC^LfcfflflBy =£— yx >7-±vxi®Mt.<r>ft 

M^C^t^VPNNATIo-*^ I PT K 

PNNATftj-^^y f \s x t ®mmN at *mwc 

U SIMS, gtfffi«'**-A**, OTB«F3«|>f*m^ 
[0 0543 *S5WSrjfe©» 6 CO 1**1*, ±.fd^^^* 

&cd^ 4 xtt* 5 *5t* surge v p N^-T^ta 

**, fflrfBfit'**- A**, I ?s e ctji'/g y©^"^ 

vpN»73?yFiu, are-Yv^-** hy->- 

by- h -fifS*^, ||!VPN»7 3?VKKJJf 
5iigiS;?r^K^-y-"-^KVPNSIT 1 Lt 

1EVPN h y*;i<£jim;*-ti\ SiVPNf-^i'f 

^iijsk^ss t t nc s y * - h y > y * y xmm^mom 

Mftl^vy KftSWfcSIMW*- ifJiE 1 ;^ 
- t- * y^y ;*©feS&©#af!MK"C&.5 I P s e c © 

fcifFE-i' y t- y— h v jc-<^mz 

U iSRi'XjitvxfcSetfclME'* y*-*? hy- 

b->x-fifi*j±, i p s e c©igffiM : feaa©fjia^- 



5. 

[0 0 5 6] *ft9i*a©»8 Jiia*l6W^ 
$£©$£2, S3, flS4, *5, ft6Xtt*7ffl#«K:iJ 

*, «nB»*a*B<of!rii*»— *Kfev^-c v «rag-f y?- 
*» hy-h^x-f^wifrgE^- /*apfttfSSraB/i'- * 

y y y * §?iS^©«^ffl c * . 

[o o s 7i *»iH;&£©#9®#am» ±m^mi5 

$lfflf&2, ^3, Ig4, *5, #8, K7X(ii8©# 

K*ss«Lfc«raa-f i-y- h ^x^s^eas: 

XjKViaSrSfiLfcStt-f Yf- Y ->x^4g 

v Y\zmm^ntzm.m.co4 yy-y^x.^^ 

fltt^©fiTtDa-*^? I P^M 

^tmm-^ ^9~-%v y ctisnfcypN^'- h x 
-frsiros r^^^^©^^ h y"^'H^3^3V^TVP 

N*-y s y^Hm-TS I P s e c ^Stirf" SCtCJ; 
^V^ - >r^-y^^fif-5^i!(6^-ei&-=T, VP 

©ETcO«?S:©VPNy— ^x-f^P.VPN©St 'J 
y-X(5feSVPN*'» > ->x -Y SrlbWCS^tt, S 
KSRSHftVPNy-h^x^ffl^D-A^I P7K 

TR^fefi 1 ^ r 0, ItlBU^- Yj* >t + >x* 

mm l t <t s u ie - v ^ v y * > x 3g*^s ©*$^ffi 
(11*31 2 i ear *S) 

COO 5 9] #ftW*/^f AO*l ®4MR«, 

fnfnc-fy?-** h-y-h'i'x-fis*©^iiTi: 
mK'C'i h&frtxvpNy-b ^x^wjt 

OS I #PM*r;P©* > 7-^Si:fe^TVPNty 
PNy— Y ^x'ffttf^ty^A^'Jt- r-^ 
h7^tVPNftMtO»tNATttttt, ^n- 
^MB]<Z)T KU**VPNNATfflti-*/UI P7 

[00 6 0] *js«.^^f i A©S20«fti4, 

«i/7f A®Sl^#tt:^1t§tia^i:y^^ Iff 
fe-f h^-b *x-f *i**&y *-b pf yr 

<?>„ nsy ^- b y y x ±vx*f«: cd tr*f^s 

t*VPNNATffln-*/H P7K^7^tXt 

[oo6i] *mmiszri.<Dm s commit, ±12*^ 

VPNT^-b^fflc&VPNNATJBn— FT 
x^Ii'J^Myft y xs* jBlcd rt«RSS5fe« © I p 

ftSVPNNATfflo-*^ I FT KU^©7^* 

to 0 e 23 *aw^^^^«>*4c5»#tRtt, ^y^- 

^3g£^t£-f CgtSHfeVPNy- b ■> 

PN-fe^ 3 y&seHf* 1 p s e c *»at-r*c: £*r 

£9. IS V P Ny- h x ^ ETfl>*-0«^f -/^ 

is-<y# — h y- h f? x^i^^vPNiioS 
*t:»t«»fc, t©ETfi)*ft<ZiVPNy-h'>x'f* 

6>vpn^5 y y-xoDfe^vPNy- b ^ x ^ &i& 



m$k^* >?£lmlt mmv p n«« ^>s* -5 ^ * 
fcflWea&sttfcvPN**- h**<i 1 p 

S&VPN©»|nr3fc:a b £ LTRffi-TSffi 
gE-C V*-** htf- b *****fcft*»LT:&« y 

[0 O 6 3] *S«'/o^7A0Sl ®W(Rtt, ;&u- 
**** b 7^trJ:9ffi«^OrtMS*> I P*«L 

tTft— a^n-?n^y^-*7hy-K*)x 

yy 3 y^st§iPsec%ifi«:^, iis^ 
v p My- h ■> x 4 £*tr«<?-fe y^^p>n-h^y 

w'y^^y^-^x^f i^Rtsnfetm, 
y^ — h^yfty^- tfx*w«r8»-frc WE 

v b b ^ x -f *B*Kfffc**«riE 

y * cDft 4 *^- AdSS«a*P^ -7 y K £M£o L fcfti:, 
MM^-^^^^sitsift^^y Kt*rr* u 

X*V7^it^^3il/^*yX^LTfttfe 1 p 
s e c <Z>lgiei£:tB£>;i — ^fflfiz^LT89;S*rs. — 

Moy^m^m^t£^ y b * yftyxgt^ ^ 

[0 0 6 4] *^yn^7A0!2«^ 

fcr*>— i^n^-fy^-^^.^y-^x 

-fSB**:-/ V*-** b ^LTVPN^Wx^ 
v5/s y£S!3!-t& I P s e c«4t^at, iggfc 

vPNy-^x-f y^&^y^-b^y 
^^-r y^-^^y hy- h vxjm^®, mm^m 

h ^ yfty^^f*ts n-Myfty^g 
»ftT?**«WBrt*»**aviiriB-f hy- 

h^x^K^)^n^;l/IP7KUX^ y^E-b^ 
yftyxS*3?yFi: LT|trfB#^^-AfziffiSi L> 
fc^fr. fiuSB 1 ;^- b^ yfty^gt^vyKt^t 
SiUX^V^^ tlgttfcVPNNATffio-ijil/ I 

[0 0 6 5] ^m^vy^Awmswmmt, 

*JU*y b 7- ^ C J: Off t I Pill 

T^n^ftoM i^y- b ^i^jotiT 

^6-^ ste^n^ncD>f y*-** h y~ h 

tOS I h «7^|i:^TVPNt 

I Ps e cftiStS^i:^ Sifc 
V P Ny- b x 4 fe^trfe^-fe V* U *E— b ^ V 

mz^^y? J: ofrton^tris y ^-b ^ vt^v * 
Kft^fcv^fr&oy^E- b^ m 4 -/7»73V>K 

P T Kl/XC#t*VPNNAT»o-*^7 

L0 0 6 63 *»987 p oy9AfiDK(4©W«tt^ 
**** h y-^l-^OffigSccDrtMffl*^ I Pill 

^ftfn©-f>^-*y by-b*^x 
^ffiSh-f ^-^yF S^HVPNy- h *x-f us 
XO S I v b ?-^Jf SX&V^VPN^ 

y'/syMatft I P s e c MHtrac fc:^ Stt 
VPMy-^W ft-S-trft^-b y?fr-6'i*-h^y 

v^oWStRzjWJCT^y^- b^ yfty«««it 
*tr^£ y b x y^^v^SfrAojWIErt****^^ 

asfflr-rskftCs sbk v*~*5>>y- k * was* 



Ps e c c^lIfEM&MV^fc I PsecCJ:$VPNh> 
*;v<£>*Ii:£, §B<£VPNy- b *x^tr«^u g 

acossvpNy-h^x^trsa-LT, vpnnats 
issnirVPN b y*^cDVPNjaa»ft^y y b k 

[0 0 8 73 #»W^n^A.©jW5©W*tt, 

T^n^n<zM y*-** by- b ^ w s*£>:3[i6T 
— SiWfti0^y^-^^y-H)x 

-f**£-f h«:*LTVPNy-h9W« 
tOS I ♦J» i Ex/KZ)*y b 7-^lt:^TVPN^ 

a > fe^at s i p s e c fe«3its ^ 

vpNy- b ^ x -y ft-s-tofi^fev**^ y ^-My 

^-^^ y- h>>i^»**6®RKttI3^>Kt 

msi- stsisi ^ v v KA3B*nriE« s 3 B 't > 9 vmt> 

$8T*fe£ I P s e c0fgSE^££^LT, gWRVsMl 
nvy KtaftUTSfctUB^ by- b^x 

#y — b a >Ti-> xmm^v &<Dmf&mmfc& 

[0 0 6 8] *ftfl^D^AC!)*60»*ia, 

T-tn^en©^ y^-^v h y- b x -r s^gd^sst 

* HSR*:* b^r^LTVPNy- b «> x -f |H) 

TOS I M^^O* y h V P N-b 

y^>H 1 Ps e c&^iLT%Z fcl?. it 

VPN^~ b e?x-f ^#tr*—£D^-feV^^5»y * — 

-bX >x^>XCDf^*W7 LftitSIfttSn 
-b^ >x^y^^7»M^, WBfift^-^Kifffett 
^WSa^ny^ AcD^frir J: D> VPNNATffin~# 
/HPT Kt/^tl4SnfeVPN h y*/U*K*L 

by- b >>x*f SK*0*-/t»^StUT:, 'JT-F^y 
7ty^»T^yF^fbfcIt:, ^tty=e-b^ 
yft >x»T®l'^*v»*S«T*i:, K^FW*ffi 

ftffv^ SI«tl*»r^Tir«0»*K:i±S*»TUfc 
* * b^~ b ^i^JBtc^TSH-MVffV^ 

& i; v P NUTffll^fif t ^ - ?J, 
feRmsut- b^ y *%itfc?u &<&m 

[00G9] *Sl^o^7/,0i7(?)§f|ft JhE* 
ft«^n^^CE>»ees>W<Rk:33tt*|(fEVPNNAT 

feV =6- h^>^^V^^^rtlg^5(c«^*ff &VP 

N b y^M^VPNfel^^v b 5 
flEVFNy- h£x>f £#LTfrV\ BuSS-fV^ 

**, I P s e ctey 5/ a VO»T*VPN»T 3 

i: IT, ffE*f V*-** by-b*x^«*s;:*f*LT 

it it, friavPNy- b^x>f sr. y^-M^f 

SiVPNy^^x>fi:S^^y?^^^ 

y- b ->x«*fflti4$nxi^vPN k>*/h& 
lira t?*7 u <&nmm & £ 0 

EOO7O]*^a^7A0f8©ffci, 
-Y^S*2lt;*<Z)ETcDa-*;V*y b V-^tr I P 

WSfcSSH' v*-** h*r*iltsnfcvpNy- b 
vpn*? v %/ & y&$m?z> i p s e c ^*^-r^^ £ 

JCcSO, SSVPN^- b ^x^STcD*-©^- 
WfrfcASWE-f ^^'yhy- b *x**S**ft 

034f^y»ffofirn*K;j:o^ vpn^f^x^tk 
SWe-f y*-* * b y- b *x-f s^Kifftoiiafflrc^ 

PNy- b * x -f 7 K l/Xfl)I«*ff "5 

^-fe frftaKKSUcWt^* V PN^- h ■) x ^ 7 P 

x-f7Kl/^S#UX#y^k iTSatfc V P N^- 
h^x^D-MIPTK^^ VPNO^tfRl^X 

b^bx. ae^-^ascttjet-c, mre'j^-bj* 



■eft* v^- b ^ yx^v^sea^D!^^^©***^ 

[007 1] *^^n^7A^i90#t^ "f>* 
-Y»*i#:Rtf*fl!>|BT«>n-*^/*y b *7-^Ki I P 

<<m>££<< y?-*v hizmmgntzvPNF- b^x 

-f IHTCOS l&m. : Zy T A>C0*y b 

N-fe y */a y*mMt% IPse c & £ £ M J; 

D„ SiVPN^F^x^fgW-OS^^ 

v*—** f^f^x^«^e>0VPNy-b ^x 

PN^- h 9 x -f 7 K U^K^Aa*^** 1 *^ f * 
* by- b *>^>f «3N**61Kf|BVPNy- b ")x>f7F 

- b *x^f,VPN2S 9 V-^OiSVPNy- b 
WPNy-^x^i^a 
-/WW I P7F^t SBfVPNy-h^x-f 7KI/ 
X®*^^:Lfc^ 2/*-* s> b y- b 

?& y WieD— atD^Hft^-e&^y^- b^ y^T- 

[0 0 7 2] *»WE»»»©«ia>W*^, ~Lt£#^ 
H^a^^AOMrU £4,' 1*5, »6X 

[0 0 7 33 *ft«E*<ff#<3E>$*2a>#tta> ±IS*;#£ 
^/n ^9A©«7Xtt*9(DW*Ki*Stt*«rE^a^ 

^^frr<fc 5— 3g<o#«s*g|jgbT;*^ v b ^ y^T- 

>^^]»^O^^AftE«bfcE««*CD«i**fflCfe 
[0074] 

[AHaMKaMH BIT, iftM§#itt, 
W ft *©i>x?A«. EftKftttl 

by— b*>x^«*L («T. ttMGWSB*) , f*f«£« 

*2a-2n (nttffitCDSIR***t) . 

3, »Jx^h/yf^^«|4, VPN^-b^x^ 

[0 O 7 63 ffifgattSRGWiS* 1 i±, ffl^-f 'v 
h6 (WAN) «ir, n-AA'* *;t *7-^"efe^rtlft 
(LAN) 7«ObfKttiTCP/Ip-ea«t*: 
[0 0 7 7] f*©il-M^7/H-i'9yy-h 

t0O78] fff^WlK«*2a~2n(4, itJiefif^GW 

f«GWi*l *#C*iM5*-^ 1 0 
1 1 tM$2a~2niLTt9, ftjlE^-teV^ 
8S, m-A3, >; ; E-hjtyfty7$l4, V 
(5a-5n) felt A** fcT* 'J 

[0 0 7 93 IWafit**- A3 mtGWi*!^ 

[0080] Awayi- i-y >ft>^si4ft, it* 

GWS* 1 2 a -2 n © >J =E- h * > T -f V 

ti*^trst?&s 0 frtavPNy- h -^x -f 5 a 

9^VPNWT5fts()©VPNy- 

[0 08 1] ftrlEfl SfEGWJS* 1 ti, htt p*-AM 
ffi&fr^h t t pU—A«l OOfc, ht tptwW 
€.*HfnTrt»»3a*fi 1 -5CG lassei 0 1 t, 

1 0 2 t, m-rt3C3 W KftStti K 
j£ffi#UISP 1 0 3 &jSftf9— A* 1 0 fc, IPsecl 

^A>t£ i pa— *4a«*tMpr sA--?ii 

[0 0 8 2] HmUftV— A3tt, *B# 1 *» 6 © h t t 
p3VVKtfft5ht tpt-;«30t, htt 
p-y— 0^P»Pf«nTf*ia5«I.SSrff-5CG IAS 

S531fc, VPNy-^i-fl^telnet3V> 

SriEVPN^- h 5 a~5 ntt, 

l©A—?m 1 fcVPN-iz>y->Hy&ff-5VPNfeg 
813 5 0 k, fti)-^3i^£Dt elnet^^yn 

[0 0 8 3] wiMV^-h* VffyxgB^li, 

1 ©t>--/tSB 1 Csh t t p^n h 3/Vfta7> K% 



;H 2Sfe, *»©f»«GW«*l Stf*©l*l«*IS: 
2a~2n*n-My7t>Xt5IS, fffflfEGWS 

-&T?*>, WKVPN'Jt-M^rtyx^St 

[0 0 8 4] CfrifeffiD SWE-^^yA«|K:aifl'r*** 

mmt, VPNGW7KU««k, ! J^MVft 

PNNAT«»II^, VPN»Tft«t> $t»ffi£n#L 

#K:*jeL*:V\> -Witt, TCP/IPfellltt 

[00 85] r^t, n-h^>fty^*W 

[0 0 8 6] t^bfe, ^— 'J^-MVt 
£*fLT. VPN.CD h y^^l 2£rfM ItTCP/I 

6, X >x^>^^f|^R^S^2 a~2 n^vcD I 
tVPNNATffln-i/H P7Kl/7tffll^ 

lrtfc»««rtT6«eVPNNATl iO-eff 

[00 87] 4fc* *2©£HB* H-MVftV 
IT, VPN©h>*M2£?PLtTCP/IP^ 
S, ft^>^9©VPN^F^x^5a-5n^f 
^ y^^->^S»4*^'B£SCtf!>VPNy- h^?i^5a 

[o o 8 8] ist, we»— 

tt Jl> — $>M 1 1 flf:ii«it^VPNNAT not 
llteVPNNATfla-^^ I P T FW*&ft*-rs 
vpnnat»o-*^i pt visx%u&r%mmo 

[0 0 8 9] if, (D-eS^-fey^Q^U^-K^yT 1 
T% ft^V* 9&> »i*GW**l ICfcfLT. fifiKG 

VPNNATMn-^^lPTK^ (10.0.0.1) ^rW* 
#T^>c Cfttt, 'J*- h X 

r009 03 VPNNATID^;HP7 

01P7F UZ&ffi&NAT 1 1 0ti9»»« e 

fc, ®ei§I*1B* u^-h* y^y^S:*^??*?*! 

JStetr®-?? 1 ;*- h ^ yr^yxSSJfeffStrVPN K > 
1 2©4 3 feabtVPNNATlP"^j^ I PT K 

* 5 (ESSH7^7Hr|t:45o 
CO 0 9 13 :0i-jC*||Cf»CVPNNATffn 
-i?;VIP7 KU^*«OftCt«:<T:fc*»KVPNN 

RoWSfcGWifi:*: 1 ^<3E)7^txfet©ST0 I P7K 

t0 0 9 23 WT* *2^B*aj«t-**8f«t U 

gCCOVPNy- ^x-f5a-5 ni^VPNOffiOV 
y-^048VPNy- h^i'fSi «*tt£S»RU 
At«GW«*©;l>-*«l ltSftltS^tCJ:!), /V 

^ J P7 K l/^^iKlf;YPNCDSfi|)H^ h t bXm 

roo933 bit, **a««r*a-rsfc»©eo©y 

<2&mmm (IPse c^Preshared Key. «H!UBE<rt 
CUT, Secret (ID2))«0 *«M»<tLTSS» 

[0 0 9 43 Sfc\ «fC^B«:S8a-r*fca&ir. Ill 

m i i cjuitvpnnat i i o*p»f 

[0 0 9 53 ffiffS V PNGW7 K l^^g^Mlt^ 
^5a-5 n^^VPNQgt^ 1 ; V-^fcSVPN 



«gw*r*a— nia»snfcvPN^F^x 

4 5 i ®^n^;vi P T KU**VPN©SWb*;* h 

[0 0 9 63 mfiH'J f y yft vxS*MB, i 
PsecCiS'Jt-M y-r^ vx©§&6i3££ft ! i?-9-- 
mmfi-eb, »«gwss^i o^-Mgjji ofcyu-^fip 

1 lM^«lS*2a-2niI»LTVPNNATl 

^ yfty^ll4«^TW: b^y 
x y x »t tfe c: fc 4a»*G w«* i c: 

[0 0 9 S3 iufBVPNNATl 1 0ff«C«9tt. l J * 
-h^ yftvxtf*Tlfel(!«GW*tl©»w«« 

V P NN AT 1 1 0*»»T*2i4:*g»i:'r*» Ctt 
fZ£9, £ "5 fc, VPNNATfflo- 

A/UI PT KI/^***#»iSffl«rii:ftS. VPN^ 
TAaf*. rPsecbyfa^tRTtUtiill 

[0 0 9 93 (^n^AR iBMKftffl) 

tmsua&s* vpngw7K^*w 
i, . j ; ^ - ^ v f y t v u^—h^y-r 

*yx|*T»** VPNNATi&ai, VPN»Tft 

[oioo] aiysjiBtt. m«Gw«*i 

&gS». MAC) (Bt^" 

jtPreshared Key. m^ltSecret (Wfc* 1 *** 
^^-K. lWft^*«VPNNAT«n-*A'I 
PTKU^. Hf^t;U-^a5fflVPNNAT«n-*;U 

IP7FU, Bt^ft^-^aSfflVPNNATffla-A 
;HP7F VX) -^fr-VWm (V P NN AT 1 1 
0. Bg^^Preshared Key) ^fr^H^^ 

[0 1 O 1 3 ^(Dlk, a- 2 ai-f 

T\ ^ — if) tflMGW«* i ^e>«^-^y ^ 9 m 
ID, ftlffltt, JUS, MAC) ^@VPNGWSRM 
-H8VPNGW7Kl/«*l/^#y^ (VPNf-f 
^x^^n-A^V I PTFl/^) (VP 

[0 10 2] VPNGW7 KUXM©ftlHT 

«*2a-2ti«, i«GW«*^P-;\>7Kl/X > 

#) ^®VPNNATfflo-A^I P7 Kl/^iOSt 
»1~»®VPNNAT^D-*^ IP7K U^lWA— 
ti ><?Wl&-><£) I P s e cRjgAta-^fiy^- My 
ftV^(*^X*VX (rtiH«^2 a~2 VP 
NNATffla — *;M P7KUX, -+®V P 

NNATffin-^;^ I P7 KI/XOVPNNAT 1 10 

[0103] -fey^Q^H^ ^u-^tf>j^-My 

to l o 4 2 9T*fct, ^e— h ^ y^^v 

xs«icst^ v=£—Yj* yftyx«Tt« 

yTtyxtTSlo®^- M y^yxJBT:? v 
vk -©n-Myftyx^Ti/x^ 

V P NN ATSMiO®V P NNA T 1 1 OMWc 
^yF (flli8*2a-2n«) -><2)V P NN ATJ3 
a-*;H P7 KI/^VPNNAT««*MVPN 
N AT 1 1 OttUX^yx^VPNNATffln-^ 
;HP7 K 1/ ^ Sftftl-KBV P NN ATffl a - * Jl/ I 
FT KL'*^-^ y^R^»#frfrftSo 
[0 10 6] VPNNAT1 1 0*P*»T», 

V P Nj^T #<D V P N»T 3 V > V PNNATf 

>X^®V PNNATffio-^^ I P7F l^fatf/U- 
f^y ^SjSB-ft IPsec H^jSfflfcjPfrtoft a o 
to 1 0 7] PX±tfs &#yn-'<Dlim-?tbZn ft*5> 
WiffiGWiS* i 6K*B Lfc»^OfS*«EGW«S* i 
ft^y^ 9 09Mffi-7o — 1 0, mi I n-^ 

[0 1 0 83 m*>* mi 0C*TflMIIGWjB*l«7cr 
+ — h tol^Tfi^ RilttSTcliSTa^ST 



aSTh»RM»STc3fr6STd^STe«A 
T\ VPNNAT»aiST i ttRBWdSTcs^B 
STd-»STe-»STf**^ VPNTOIST 
j aSBMSTci^STd^STe->STf->ST 
g£mA,T. *fe»3a*ISTnaisaa*nSTc*^ST 
d^STk"*STimt, VPNGW7FUXS* 
S T o tetaSii® STc*6STd-*STk *»tr*» 
Ki*aSTnfr6ItlSfUTIi^, 'J^-h^f + y 
^S* S TmliSIia STc*6STd-^STk->S 
Tot»tffrSTd-»STk^8T i -^STn->STo 

*»x,-e. ^n^ssn, c mo 

[o 109] an fcmt^y* 9ffl7n-f + - h 

^ST1-^ST2-»ST3^ VPNGW7KUXB* 
#1,313 T 16SSTi-*ST2-^ST3-*ST15t, 
■J^E- b ^ yftyxSt&lST7SST 1^ST2 
->ST3-*ST1 5~*ST4£r, «C(*ii»lMffiS T 8 & 
ST1 ~*ST2-+ST3~*ST1 5-»ST4-*ST5 

[0 1 10] U^-Myfty^87ST9^STl 
->ST2mt, VPNNATiftftSTlZ^n- 
h^yfty^»7ST9A^ST10-»STl 1 

VPNH7ST 1 4tiVPNNAT«|ffl[ST i 2 

ft o ^ c: r t » jm c b &n ft v ^ 
&#] ft*5, *K*»B«*Slffrafc»fc:?4. JaTo 

(i) w^3«*ito, ^w«?®f*$8 

T\ Secret (ID)) %*«FK:#* II r £ a Secret 

(ID) tt, ttffBt£JR*l CROM»Cl»a*, «^ 
•9-"A3^^t^:^tStlSt§o ft£sSecret (ID) 

[0 112] (2) <£ui<-*» 1 1 1 P s e 

I P u^;v0VPNMtfro^fc o *fc, vp 

*WCfi 1 oT*< d 4: {IPsecOi^ 
^tttKltl5<Ci:) o Preshared keyii 

(3) Wty^90VPNy-f^x^5^ VPN 

ff-=T*5<i4: (IPsec©§^, Yn^x-^^ 

to 1 1 3] (4) VPN^b^x^ 514, 1 a> 
fr-*? m \ 1 i:M2»ttC!)fe5VPNll6«r»oi 






to 

(5) <Dfo-?mi lft, 3 ®&mts 

lift. ^?-*^8'st«t^TlW5 

to i i 4i (e) ^-^sjeaaaasi 02*^^-? 

SP 1 1 <N©#«8B:5£ft ij t - h a y v (J-1T, t e 

(7) ift-;<3 ©V P N^- h 1 ^ 

5 1 ^<Z>#«ia!3Sti t e 1 ne t*ifeti^ntxiai« 

[0 115] (8) ^-^3±CB, VPNNAT 
1 1 0DB*«fo 0 F-7MZ, VPNNATIn-* 

ft, 7 UT, *DSTf»«GWiS* I D/« 

(9) «GWf*li:tt, *>< J-^-^/Ufe^o. x 

-Kfr^idESH, 7 -f -;UKfc LT, * I P7 KV 
X, VPNNATIn-Ji^ I PT K I/^t^ a ®M 

CO 11 63 (10) Wt-;t3±OVPNGW5 
(5a-Sn) J±1t^:©^ffi^Rri6t:-r^o -O0VP 
NGW5i4^®VPNGW5*^#1-SttM©VPN 

(1 1) W"A3±C(iVPNGWf'y^r-^ 
;i/fcj3h3 0 f-y;va, vPNy-t"?x-f5®iP7 

iJKGW I D%*#o<, 

[01 173 u&m~>-'r>x<DWiwi ^3~ia 

9fc, SI 2~H2 5£ffiV>T, ##LSCD^JHi::oV>T 
S&Wfcttrci-*. t+feC^TV^ffn-n (nl± 

&Mco®mm ft, a+^xfv/toiftcsfis-r 

■So 

[0 1183 <|gBa*affi>ll3. Ell 2M01 3 

*-/<!3l:»U f^-M3*»f. l H-h^V7 1 ^ 
yx©fc4&©£j*fi|$g ( I P s e c WPreshared Key. 
ifi*lSSL**7-K (BIT, Secret (ID2)). 

[0 1 19] iftea^3M,fflW.K©«^iE®afrSecret 
(ID) ©ftfeOK, Secret (ID2) %ffi-5©fi, SS* 1 
^:T!;ft-at?^,-5Secret (ID) <fc9&. Secret (ID2) 

Sfc, VPN&«STrs», 4S-fltWGWiS*lET©r 



f- i PT f u3*©fi»j&«#A&*i.*fe#>. *ft 

VPNNATMftff'J. *0tzib 
CD^ VPNa/?-^^^'?- (•' I P7 KUX mr, 
VPNNAT»c-*JHP7Kt/X) ^ 3 

[0l2 0](DtS2»3TyK 0-» 
M^-tr >■ * 9 ) 

i-i «*i»B«»T«, ia*-f 

[oi2U ammmMm)) 

1-2 -9— ash o©3w psiai&sm o sb, 

1-3 r«*l(5a = -?%ID + ?^AX?y^J 

1-4 MSIE^UT, Secret (ID) ftfflVvfc^yfe- 
3>BS£f (MAC) &£/£-TS (IS09797-I, 1SG9797 

[0122] t(37> KaseaM)) 

tit, s*i ov— Ami o/3?y KjttttAaflu i 

0 3) *>&f^-A3 (httpt-A«3 0) 'v® 
h t t p3T>Kt<* IPsec-b«;J'3»f:lI 

[0 1 2 3]«2»vx*yx ^3-»« 

mv— i o) 

(WW*-/***)) 

1-6 fiMf?-;t3<Dh t t pt- ^SU3 0ft, S# 
Lfe3-7>K«W7^-?S;CG I MW.M3 1 fc« 
U CG I#L3IfS$3 1ft, IC&K^tT, Secret (ID) 
%m^te* yte-^Bffi^ (MAC) t^J^UX (Sg*: 

Bf* (SUISSE) , 
[0 12 4] 1-7 CG I $4ffl9$3 lft, IPsec 
©^IEM (Preshared Key) , Secret (ID2) 

L, »*I DB© + <!)«*I DCStJCra U3-K**f 

U=J — K©#7 -r -JU KfcfiMt-r*,, 
[0 1253 1-8 CGHHS3 1B. VPNNA 
TDB 9 1 i^&ggfVPNNATJBo-A^ I P 7 K U 
-AfflSl 0fflt;l--?«!l 1 fflKIoI^t, m 
^ b =t- K©f«oaT««7 -< —A- Kt:««tGW«* I 

1 0 VPNNATMn-A/VI PT K l/XRtf/W- £ SB 
1 1 V PNNATSn-*;!' I P7KU7 -f - )V KC 
V PNNATfflo-*^ I PT K U*&»#-f 
[0 1 2 63 1 -9 CGI«aaS3 1tt, IPsec 
omMm (Preshared Key) , Secret (ID2) , 
X<7-F\ »-y<«10atf^-?*l IJ1VPNNA 

[0127] ((tsxtfyxaMraa)) 

1-10 fit^-y— A3©h 1 1 p+J— A* 3 0(±, % 

*)), ft8$ 1 ©^fflSTHf^ffcLfe IPsec ©ig!E« 
(Preshared Key) , *3c 1 (D^MMTW-^ft LfcSecre 

t (1D2) > Mfttl OfcllMT*»fcLfc»**/<;*7- 
F, »*l©£W«Tlt9fl:Lfctf-/WSVPNNA 

fc>-*gpfflVFNNAT.fln-#;v I PT F U^*/^ 
^.j*-* iLfcf-?feCG I &SSP3 1 j&*F>gtf-t\ 
«^-A3 (h t t p -9- -ASP 3 0) (-? 
-Agpi 0/3?> K&tilftUSflSl 0 3) MJhttp 
UJXjKVX^I P s e c -fey 5/ 3 >>i: LX 

[0 12 8] ®-9--Agp 1 Qt A"- 9 mi 1 ©VPNN 
ATI 1 Ottjg OBiRIJ— Aflffl 0— *'* /U - * « 1 
1) 

((**«»«)) 

1-11 JHlfJU— A* 1 0!i, S§5f= 1 CE>.»art*-C, I 
P s e c ©III (Preshared Key) , Secret (ID2) , 
iW*«^ , 7-K, t-A*fflVPNNATfi|B-* 
*IP7F1/^, *-^»«VPNNAT^d-*>I 

[0 12 9] 1-12 SS^-ASJ 1 0 », VPN^ 
-Hi^SrlPse cM$t*X h £ bfcPreshared 
Key, *-AaSffiVPNNATJ§o-*/t'IPy 

^?3IVPNNATfn-A;HP7KV^® 
igjiga v y K (A—^SP ilCtelnet^^KO 
S6*C«fcO*«cS) fcfft«-rs.- ^cDBf, VPNy-> 

[0 13 0] ((3?yFgfjB») 

1-13 ffflMt^tfc^YV^^y^-J'fc 

lt, 0u-?S®4aaasi 02) *»&di85iei (;u 

— ^ §P 1 1 ) 'N© t e I ne t37VF<°-* y 
<(ii*;u~-*gp&31)) 

1-14 3£ff bfc Preshared Key®igmSt/V P NN 
ATI 1 OOKJ&fe/l"- *SP1 ltr«g&tr. 
[0 13 1] ((t-xtfvx^fiftH)) 
1-15 7f-n (JE'^'Sfcfi^^-Xx-? x 

*«si i) *>£>4g*i (-9— Agpi o/37y K&m#i 
SBSP 1 0 3) ^(D telnet U;**°yx<^ iFse 
C -fe y -> a y> It l/7)K>XfeMtl> 0 
C(«3|!/l/-^K]gfftt«LS)>«:UJbC-CRBjMl«Ue«i 



[0 13 2] <»|*a*n«ffl>B9 2 6©^-- J'yxHt; 
Si, »*l##l*Ufc£i:*fcjOU tWtf- A3 ICS 

ws» (-9--ASP1 o) -ca, «^i©-y--A 
gPl 0ATf*-9Bl 1 ©iSk»0»4, tKiB*w*£8 
t,t, ttK#A£Lfc&ttKaft«La*tttt?«. sp 

MAC, flt|*=i-K) -*©*|»a»k^*v^-(3> 

[0 13 3] (CMC*)) 

7-1 S§* 1 -CttPMft£%**1 Lfc*^ 1 #g 

((ss^iw&iD) 

7-3 JKSCCStfLT, Secret (ID2) Wfc^yt 
-S'KSiE^ (MAC) (IS09797-1, IS0979 

[0 13 4] ((aT'/KaW*©) 
7-4 S*ID, ill, MAC, WcD3-F$:^5 
M — P k. bT, $g5f;l (-9--Aail 0/37^ FSItti^ 
fflgpi 0 3) ^P.«^-9— A3 (h t tp-9— A«S3 
0) ~-©h tip 37VKT<* IPsecfey^sy 

[0 1 3 5] ((ft** -A»3S)) 

7-5 «W-;t3 0h t t p»- A»3 OJi, 58« 
tfcn -?> Figi:A9^-^*CG I&3IS5 3 1 Ct£ 
t a CG IfeSgU3 IS, ISSTiC^LT, Secret (ID 
2) Sffl0^s»*-J)Mf (MAC) fc&JftUT 
(ffi^lfcH#©SS:) , g«lftMACk-tT«: 

tfe*^-r?> (4^*@fE) o 

7-6 CGIftHfaili, SBUfc*|»3-KS« 

[0 13 6] ((^*>XSfW) 
7-7 Wt-A3fflh t t P-9--A3B3 0fcfc, Xx 
-9* OEflfSfctix?--:*? 1 -?* (KffiJtflf*))* 

A^y — 9 1 Ltzr-fitcG immms 1 

t, W-/<3 (h t t P-9--ASP3 1) 1 

(•y— i o/avy FSiai^aas 103) ^©h t 

tpk^*V^<#IPsectyv'3y>tLTV^ 

[0 1 3 7] «tt*ft«UD) 
7-8 VPNGW7Kl/XStAI4:gftt«. 
*e*5, «C»aj!IAttl»rJ:-»-C«»Lfc«fc|»3-Ftt, l J 

[0 1 3 8] <VPNGW7 FV7S*M>S4iD'> 
-^r^^S^C/® 1 4, E9 1 5 ©«a«7 o-#JIIffl «t -5 
y >^±y7.m-M(omm^&^ftmMx\ vpngwt 

[0 1 3 93 OVPNGWT K b^S^n^V K 

9-1 rt®^*2a-~2n^e>tfSffiGW^*l-^iDW 
e b 7 ? -fe ^sm^wa*©^ vatflSifc if fr J; 3 ft 

[01403 (S^ltf&Jl) 

9-2 ft^|iS^2 a~2 n^e.©y r v p >-9-*r^-feXC 

jo teas a ^-h^yftyxi^ 

^iffr&Aas H-My 
ttXli«S#*tt£TOl:'r&« f*9» rtWS**(i, 'J 
[0141] 9-3 tw^lO©3?yFSMI 

an 0 3i±, «««2:fiiMt«r£jAr«. t;v^>jxa 

9-4 rsSffflai-^^ID + ^-fA^?^7j 

6 aae© s 

9-5 SCSCCjif LT\ Secret (id 2) %$V» 
fc^ f -fe-^iJSE-? (MAC) &«tS. (IS09 

7 9 7- 1, IS09797-2) EWtSCil^a 
*LV\ ) 

CO 1 4 2) (avvKIMi) 
9-8 S^ID, MAC, «4;^?^-? 

0 3) ft» A3 (httpt-^3 0) ^© 
h t t p3?^Kt<# Ipsec-b.y-/3»tU 

yfty^Sfnyy Kft&er*. 

t 0 1 4. 3 3 @ V P N GWlKftl 

9-7 fit^f-A30h t t pit-A^3 0(i, 
Uft3vyK«^?^-?^CGI #Ulgl5 3 1 CtK 
CG I &3S3U3 1 ». M-StlzttLX, Secret 



(id 2) ttmwz* v*i-i?mm* (MAC) £4$ 

CO 1 443 9-8 f1*-^3liVPNGWh>* 
^DBtl^KJU VPNGW I- y^;>DB©gilOST 

h r§^*IDJ C#£gUU Sfj^-rSVPNGW^a- 
P7K l^fcaNKTiVPNGW* T5 i j i:tS. C 

to 1 4 53 9-9 vxtf v 9 y-^wiiiffs 
rVPNGW^n-;\>i P7Kl/^J %S*Lfc^&fl 

10 1 4 63 ©VPNGW7 FU^MSU^jHV^ (* 
A3— X*l 0) 

9-10 ft^-y-— A3©h t t p+J— ASP3 Ote, % 

) , Sa*l CD^M®t*8&#'fbtfcVPNGW^o- 
;<)l> I P7FM*;W-?t Lfc-^-^CG I & 
ffig]5 3 1 *e>SW-c, «ft-A3 (htt p-y--;sg& 
3 0) *>P.S5S1 C+J-— y<SJ5 1 0/3W KSStlliffiaSt! 
103) ^©h t t p i/X*yx<*t» 3 >>t L 

CO 1 4 73 3SV PNNG7 K l/Xg$bX*"y xgf 

&»a i o-»«85M/-*»i i) 

9-11 S*f-^il0B, «B* 1 ©»«f«T, V 
PNGW^n-;UIP7Fl/X^ftU R^TT 

[0 1 4 81 9-12 Ott. VPNG 

W?u~-/W I P7K^tVPN*ffl*X b £ LXWC 
feTZ>fc$b<Z)^~?y K O— HOtelnetn 

9-1 3 K4^7^-? k 

(/I'—^gpi 1) ^telnet3^?>F<n^^ 

[0 1 4 93 («*^-**««) 
9-14 VPNGW^a-MTKV'^tVPNWft 

9 -1 5 X - ^ X (IEtt3U*x^ — Xf- 9 ^ (n 

S10 3) telnet UX#V^<* I p s e c 
co i 5 o] K««t&*ia) 

9-16 'J ^fi— • P j< ti'^Ittl&SfttSi, 
CO l 5 1 3 < u b ^ y?^-vxB^:^a>gl5 ffl 

c^-r*?, >j ^~ p y y^±>^m^.Mmit, ips 

e c v=e- py y-f ^v^cD3liS%# ! ^-y--^3 

[0 1 5 23 "J^-F^ft^^Sttat 
«, V PN ^ilt 5fc8b©»SGW« 1 © I P 7 K 

6, m-^3ii, fitSKGWii*l 
C^fUfc I PTK^MItS. ^© I P7 FUX 

T, VPN1, P7FI/Xl:S)ltS t 
[0 15 3] JSC, VPN**jrr*R, #«5fEGW« 

#SrfrA5 c-T-Sfctefr, -te>* 9A*e> >)*— P y 
Vx + VXSt«.F«3lft4S*2 a-2nC*tt5VPNNA 
TIn-A*IP7FV^WU VPNNAT*! 

E0 1 5 4) VPNNAT««fJ^hCJ:0. fitift 
GWi*lETfflD-*/HAN7 Kt^tfH-T*** 

£U r.-3©fl|ittGW«8*l ^K192. 168.0. 0/24©a 
-*/U*v P £f§>o id , S^-tv? 9 

2a~2nCSLt] P'Jf t-^V^SitStTt 

So • 

[0 l 5 5] ©'j^E-py yftv^S^vy K (M 
2-1 VPNGWTKU^SIf*C0*l»»TftC, fi» 

Co i s 63 ((sss^HUiSaa)) 

2-2 VPNGWyK^SttftfLfe'Jt-M 

v 7=- ^ v t. m n *mn-t &<> 

101673 2-3 -9— /tajSl OCOHTy KSSlii«Lffl 
i3l 0 3 It, m®mt'Affl&1t&.)$,T%o T)\,3VX& 

2-4 rigflOa--^fj:ID + ?'fAX?yyj 

CO 1 5 83 2-5 ItCJffLT, Secret (ID2) % 
fflV>fcy v -fe-^^IET- (MAC) CIS0979 
7-1, IS09797-2K^i!aTSC i:*^* LV0 „ 
2-6 ^^^gc^TSfe*©/^*--*©^ 



•b, rs***, niWJN$«, * 

iIGWS*l C«i#a*XTV»* Secret (102) "CHf-^ 

CO 1 5 93 COW K2£«»JB)) 
2-7 S*ID, fllA, MAC, g**-^^ 

bT, ««1 (D-^lO/a^K^MflO 
3) fr&WtwO (httpf-/«3 0) -x©h 
ttpnvv KT<#I P s e ctj Ub >>h LT'J 

CO 1 6 03 ®VPNNATfflD-*«' IP7FWX1 , 

((^sp-y-— ;<&a)) 

2-8 «^t-/?3fflht tpt-ASaOtt, S§ 
Ltc-a^y &CG I&JS*3 1 Cjffi 

f. CG I&®«3 1-tt, I?:fcSr#fbT, Secret (ID 
2) ftfflV^fcy yte-SJ'BK^ (MAC) *±^tt 
(«*kBI«t©»)(C) , SflJLfcMACfc-ScTSSi: 

4 («*!SfiE) o 

C0 16 13 2-9 CGI A»3 1»h 
£$1,, 'J ; E-MyftyXgtDB920l/3-K 

'jx-fn, stts-^, ^fi-at^j, y>-?>- 

~2 nsg&^JH'So &$3, 4S8*DB9 0fflU=r-F& 

CO 1 6 23 2- 1 0 CG Ifc«»3 lli, St«S?» 
REMOTE JU>DR*>'&fSifcGW88;fc 1 CD^o-z^V IP7K 
UXSrSfcWU it)iBU ;: e-hy>x^>^»*DB9 2 

2-11 CG I«a*3 ltt, **I D, 

;w Sfj&K&flffiEy^-py yftv^g*DB92© 

[01 63] 2-12 CG! &ffl3?3 1 tt, «f*ftrt 

Secret (1D2) Tff^M: bttlS V P J* 
t>XS*DB92®P3"Ki:W5 0 frfes 
-W >ftVXS*DB9 2©1'3-K%I27 K.^ 

To 

CO 1 6 43 2- 1 3 CG I &S8B3 1 a, 3E*l33ft 

fc^jfs i d/«*« 

», ■fcn-frftoWsKfcfc-^'O n-tit, vpn 

NATDB9 1 £r#?Kb, ^0«* 1 CVPNNATffl 
[0 1 6 5] VPNNATfflD-** I PT KU-X^SJ 
l FT KUaMMB'J*- MVft^mD 
B9 2 VPNNATffln-AiH 
P7KUX#I0ST6hTV>fttf»ltf, VPNNAT 
DBG 1 fr6fi*VPNNAT«D-*^l P7F^ 

»*GW«* I D/flI«***«»t 4 i: ^ t»K, fk 
»LfcVPNNATmn-*^I P T K U^fcflMBU * 

6o VPNNATDB91ffll/3-KtB30C 
ST* 

[0167] 2-u cgi mmm3 i y k 

7&T%> (H2 9#M) 6 

CO i 683 ©y^b^y^yxi?*wxtfy;*® 
A*) 

2-2 7 R**9--/t3CDh t t ptf- A#3 014, * 

#*fcVPNNATfflo-*;M P7K^®fi <«t* 

^fX, A3 (h t t p*-A»30) 